6026 matches found
GHSA-45R6-J3CC-6MXX OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...
CVE-2022-41131
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...
CVE-2022-38649
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...
Command injection
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...
Command injection
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...
Apache Airflow OS command injection vulnerability
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow suffers from an operating system command injection vulnerability that stems from an improper neutralization ...
CVE-2022-41131 Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...
Apache Airflow OS command injection vulnerability
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow is vulnerable to an operating system command injection vulnerability, which stems from an improper...
Apache Airflow OS command injection vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow Spark Provider versions prior to 4.0.0...
XXL-JOB code issue vulnerability
XXL-JOB is a distributed task scheduling platform based on the Java language from the Xu Xueli XXL-JOB community. A security vulnerability exists in versions prior to XXL-JOB v2.3.1, which stems from a vulnerability found via the component /admin/controller/JobLogController.java containing...
kernel: sched/fair: Fix fault in reweight_entity
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity. Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba "kernel/sched: Fix sched_fork access an invalid sched_task_group". There is a race between sched_post_fork and...
GSD-2022-1006797 io_uring/rw: defer fsnotify calls to task context
io_uring/rw: defer fsnotify calls to task context. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
PT-2022-35515 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: A use-after-free bug was found in the smp_execute_task_sg function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
PT-2022-35658 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220 Description: A use-after-free bug was found in the smp_execute_task_sg function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
PT-2022-35314 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: A use-after-free bug was found in the smp_execute_task_sg function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v2.6.19 and fixe...
PT-2022-35055 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A use-after-free bug was found in the smp_execute_task_sg function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v2.6.19 and fixed ...
PT-2022-35052 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to the io_uring/rw component, where fsnotify calls are not properly deferred to the task context. This could potentially lead to security vulnerabilities, although the...
PT-2022-36767 · Git +1 · Fluent-Bit
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 8 crash type. The crash state involves functions such as output thread, step callback, and flb task...