324 matches found
Azure Linux 3.0 Security Update: kernel (CVE-2024-36925)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36925 advisory. - In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool...
CVE-2025-59960 Junos OS and Junos OS Evolved: DHCP Option 82 messages from clients being passed unmodified to the DHCP server
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service jdhcpd of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service DoS on the downstream DHCP...
MiracleLinux 3 : apr-1.2.7-11AXS3.1 (AXSA:2009-372:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-372:01 advisory. The mission of the Apache Portable Runtime APR is to provide a free library of C data structures and routines, forming a system portability layer to as many...
Exploit for CVE-2025-37164
CVE-2025-37164 - HPE OneView Unauthenticated RCE PoC Proof-of...
HPE OneView id-pools command execution
Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...
HPE OneView id-pools command execution
Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...
Improper Access Control
apacheairflow is vulnerable to improper access control. The vulnerability is due to insufficient authorization checks in the bulk create API with the overwrite action, which allows an attacker with only CREATE privileges to update existing Pools, Connections, and Variables without having UPDATE...
BIT-AIRFLOW-2025-62503 Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables)
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
CVE-2025-62503
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
EUVD-2025-36995
Apache Airflow's create action can upsert existing Pools/Connections/Variables...
Apache Airflow's create action can upsert existing Pools/Connections/Variables
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
GHSA-GP5F-CX7H-8Q6F Apache Airflow's create action can upsert existing Pools/Connections/Variables
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
CVE-2025-62503
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
CVE-2025-62503
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
CVE-2025-62503
CVE-2025-62503 – Apache Airflow: Privilege boundary bypass in bulk APIs allows a user with CREATE (but not UPDATE) for Pools, Connections, and Variables to update existing records via the bulk create API with an overwrite action. Multiple sources (BIT-AIRFLOW-2025-62503, EUVD, Red Hat/CISA refere...
CVE-2025-62503 Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables)
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
CVE-2025-62503 Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables)
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action...
PT-2025-44369
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-62503 Description A user possessing CREATE privilege but lacking UPDATE privilege for Pools, Connections, and Variables can modify existing records through the bulk create API utilizing the overwrite action. This allows...
EUVD-2010-2087
Malware in sbrugna...
EUVD-2021-17229
Malware in sbrugna...