CVE-2024-31030 |
Description: An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-30889 |
Description: Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-30801 |
Description: SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-30165 |
Description: Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-30164 |
Description: Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-29944 |
Description: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-29943 |
Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-29737 |
Description: In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.
Mitigation:
all users should upgrade to 2.1.4
Background info:
Log in to Streampark using the default username (e.g. test1, test2, test3) and the default password (streampark). Navigate to the Project module, then add a new project. Enter the git repository address of the project and input `touch /tmp/success_2.1.2` as the "Build Argument". Note that there is no verification and interception of the special character "`". As a result, you will find that this injection command will be successfully executed after executing the build.
In the latest version, the special symbol ` is intercepted.
EPSS Score: 0.51%
February 14th, 2025 (5 months ago)
|
CVE-2024-29735 |
Description: Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3.
Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix groupĀ of the folders. In the case Airflow is run with the root user (not recommended) it added group write permission to all folders up to the root of the filesystem.
If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable.
This issue does not affect users who use or extend Airflow using Official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ) - those images require to have group write permission set anyway.
You are affected only if you install Airflow using local installation / virtualenv or other Docker images, but the issue has no impact if docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users.
Also you should not be affected if your umask is 002 (group write enabled) - this is the default on many linux systems.
Recommendation for users using Airflow outside of the containers:
* if you are using root to run Airflow, change your Airflow user to use non-root
* upgrade Apache Airflow to 2.8.4 or above
* If you prefer not to upgrade, you can change the ...
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-29733 |
Description: Improper Certificate Validation vulnerability in Apache Airflow FTP Provider.
The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly.
This issue affects Apache Airflow FTP Provider: before 3.7.0.
Users are recommended to upgrade to version 3.7.0, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|