Apache Airflow 3.0.0 through 3.1.x fails to redact secrets stored as nested fields within JSON-formatted variables, allowing authenticated users with variable access to retrieve plaintext sensitive values. This information disclosure vulnerability affects deployments that store credentials or API keys as JSON dictionary structures in Airflow variables. The EPSS score of 0.02% and CVSS 3.7 with high attack complexity reflect limited real-world exploitation likelihood, but the vulnerability poses direct risk to organizations using JSON-structured secrets without additional access controls.
Missing null terminator in libgphoto2's ptp_unpack_Canon_FE() function allows out-of-bounds memory reads when processing Canon camera filenames. Versions up to 2.5.33 are vulnerable when a 13-byte filename without null termination is supplied, causing subsequent string operations to read beyond buffer boundaries. The vulnerability requires physical camera access and results in information disclosure or denial of service, not remote code execution.
Out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical USB access to crash the library via malformed PTP protocol data from untrusted camera devices, affecting applications using libgphoto2 for camera enumeration and control on desktop systems.
libgphoto2 versions up to 2.5.33 leak memory in the Sony camera property descriptor parser when processing secondary enumeration lists from 2024+ Sony cameras, causing denial of service through resource exhaustion on systems with repeated camera enumeration or property descriptor parsing. The vulnerability requires physical access to a Sony camera or crafted USB device communication, affecting users who interact with affected Sony camera models via libgphoto2. Vendor-released patch: version 2.5.34 and later.