Total
10018 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-35797 | 1 Apache | 1 Apache-airflow-providers-apache-hive | 2024-10-07 | N/A | 9.8 CRITICAL |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability. | |||||
CVE-2023-22886 | 1 Apache | 1 Apache-airflow-providers-jdbc | 2024-10-07 | N/A | 8.8 HIGH |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0. | |||||
CVE-2024-20406 | 1 Cisco | 1 Ios Xr | 2024-10-07 | N/A | 7.4 HIGH |
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or multi-level routing IS-IS type. | |||||
CVE-2024-8889 | 1 Circutor | 2 Tcp2rs\+, Tcp2rs\+ Firmware | 2024-10-07 | N/A | 9.1 CRITICAL |
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle. | |||||
CVE-2024-24695 | 1 Zoom | 3 Meeting Software Development Kit, Vdi Windows Meeting Clients, Zoom | 2024-10-04 | N/A | 6.5 MEDIUM |
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | |||||
CVE-2023-37415 | 1 Apache | 1 Apache-airflow-providers-apache-hive | 2024-10-04 | N/A | 8.8 HIGH |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxy_user option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability. | |||||
CVE-2024-24696 | 1 Zoom | 3 Meeting Software Development Kit, Vdi Windows Meeting Clients, Zoom | 2024-10-04 | N/A | 6.5 MEDIUM |
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | |||||
CVE-2024-9407 | 2024-10-04 | N/A | 4.7 MEDIUM | ||
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. | |||||
CVE-2024-45871 | 2024-10-04 | N/A | 6.3 MEDIUM | ||
Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS). | |||||
CVE-2024-25590 | 2024-10-04 | N/A | 7.5 HIGH | ||
An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. | |||||
CVE-2023-3705 | 1 Cpplusworld | 6 Cp-vnr-3104, Cp-vnr-3104 Firmware, Cp-vnr-3108 and 3 more | 2024-10-02 | N/A | 7.5 HIGH |
The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. | |||||
CVE-2024-47179 | 2024-10-02 | N/A | 8.8 HIGH | ||
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made the repository no longer vulnerable. The `docker-test-cont.yml` workflow gets triggered when the `PR - Docker build test` workflow completes successfully. It then collects some information about the Pull Request that triggered the triggering workflow and set some labels depending on the PR body and sender. If the PR also contains a `routes` markdown block, it will set the `TEST_CONTINUE` environment variable to `true`. The workflow then downloads and extracts an artifact uploaded by the triggering workflow which is expected to contain a single `rsshub.tar.zst` file. However, prior to commit 64e00e7, it did not validate and the contents were extracted in the root of the workspace overriding any existing files. Since the contents of the artifact were not validated, it is possible for a malicious actor to send a Pull Request which uploads, not just the `rsshub.tar.zst` compressed docker image, but also a malicious `package.json` file with a script to run arbitrary code in the context of the privileged workflow. As of commit 64e00e7, this scenario has been addressed and the RSSHub repository is no longer vulnerable. | |||||
CVE-2023-26095 | 1 Stormshield | 1 Stormshield Network Security | 2024-10-02 | N/A | 7.5 HIGH |
ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet. | |||||
CVE-2024-45825 | 1 Rockwellautomation | 2 5015-u8ihft, 5015-u8ihft Firmware | 2024-10-02 | N/A | 7.5 HIGH |
CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service. | |||||
CVE-2023-39137 | 1 Archive Project | 1 Archive | 2024-10-01 | N/A | 7.8 HIGH |
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing. | |||||
CVE-2024-45537 | 1 Apache | 1 Druid | 2024-10-01 | N/A | 6.5 MEDIUM |
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuration a MySQL JDBC connection, users can use a particularly-crafted JDBC connection string to provide properties that are not on this allow list. Users without the permission to configure JDBC connections are not able to exploit this vulnerability. CVE-2021-26919 describes a similar vulnerability which was partially addressed in Apache Druid 0.20.2. This issue is fixed in Apache Druid 30.0.1. | |||||
CVE-2023-4357 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-10-01 | N/A | 8.8 HIGH |
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2023-40272 | 2024-10-01 | N/A | 7.5 HIGH | ||
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. | |||||
CVE-2023-39553 | 1 Apache | 1 Apache-airflow-providers-apache-drill | 2024-10-01 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. | |||||
CVE-2023-33934 | 1 Apache | 1 Traffic Server | 2024-10-01 | N/A | 9.1 CRITICAL |
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1. |