airflow-dags's People
airflow-dags's Issues
Low vulnerability: "Improper input validation in shadow-utils package utility chfn" in govwa:latest / dervoeti/govwa
Rule full description: In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
Precision: very-high
Security-Severity: 2.0
Tags: ['vulnerability', 'security', 'LOW']
Branch: master
SecObserve observation: /#/observations/2352/show
Low vulnerability: "OP_KETRMAX feature in the match function in pcre_exec.c" in govwa:latest / dervoeti/govwa
Rule full description: In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Precision: very-high
Security-Severity: 2.0
Tags: ['vulnerability', 'security', 'LOW']
Branch: master
SecObserve observation: /#/observations/2349/show
Observation status: False positive
Medium vulnerability: "Denial of service via decompression of crafted file" in govwa:latest / dervoeti/govwa
Rule full description: An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.
Precision: very-high
Security-Severity: 5.5
Tags: ['vulnerability', 'security', 'MEDIUM']
Branch: master
SecObserve observation: /#/observations/2348/show
Low vulnerability: "denial of service issue (resource consumption) using compressed packets" in govwa:latest / dervoeti/govwa
Rule full description: GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Precision: very-high
Security-Severity: 2.0
Tags: ['vulnerability', 'security', 'LOW']
Branch: master
SecObserve observation: /#/observations/2346/show
Low vulnerability: "shadow-utils: TOCTOU race conditions by copying and removing directory trees" in govwa:latest / dervoeti/govwa
Rule full description: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Precision: very-high
Security-Severity: 2.0
Tags: ['vulnerability', 'security', 'LOW']
Branch: master
SecObserve observation: /#/observations/2351/show
Low vulnerability: "OsPackageVulnerability" in govwa:latest / dervoeti/govwa
Rule full description: sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Precision: very-high
Security-Severity: 2.0
Tags: ['vulnerability', 'security', 'LOW']
Branch: master
SecObserve observation: /#/observations/2347/show
Low vulnerability: "systemd: privilege escalation via the less pager" in govwa:latest / dervoeti/govwa
Rule full description: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
Precision: very-high
Security-Severity: 2.0
Tags: ['vulnerability', 'security', 'LOW']
Branch: master
SecObserve observation: /#/observations/2350/show
Low vulnerability: "coreutils: Non-privileged session can escape to the parent session in chroot" in govwa:latest / dervoeti/govwa
Rule full description: chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Precision: very-high
Security-Severity: 2.0
Tags: ['vulnerability', 'security', 'LOW']
Branch: master
SecObserve observation: /#/observations/2345/show
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.