CVE-2023-40273 Session fixation in Apache Airflow web interface
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...
PT-2023-4782 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.7.0 Description: The issue is related to a session fixation vulnerability in the Airflow web interface, allowing an authenticated user to continue accessing the webserver even after their password has been...
[SECURITY] Fedora 37 Update: python-aiohttp-3.8.5-1.fc37
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
Privilege Escalation
apache-airflow is vulnerable to Privilege Escalation. The vulnerability is due to the Run Task feature, which enables authenticated users to bypass limits, execute code in the webserver context and bypass restrictions on some DAGs, exposing sensitive data and resulting in privilege escalation...
Apache Airflow Execution with Unnecessary Privileges
Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the...
GHSA-269X-PG5C-5XGM Apache Airflow Execution with Unnecessary Privileges
Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the...
CVE-2023-39508
Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the...
PYSEC-2023-134
Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the...
PT-2023-4783 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.6.0 Description: The issue is related to the "Run Task" feature in Apache Airflow, which allows an authenticated user to bypass some restrictions and execute code in the webserver context, as well as access...
Siemens SCALANCE X-200RNA Switch Devices Use of Insufficiently Random Values (CVE-2022-46353)
A vulnerability has been identified in SCALANCE X204RNA HSR (All versions < V3.2.7), SCALANCE X204RNA PRP (All versions < V3.2.7), SCALANCE X204RNA EEC HSR (All versions < V3.2.7), SCALANCE X204RNA EEC PRP (All versions < V3.2.7), SCALANCE X204RNA EEC PRP/HSR (All versions < V3.2.7). The webserver of affected device...
Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2022-46354)
A vulnerability has been identified in SCALANCE X204RNA HSR (All versions < V3.2.7), SCALANCE X204RNA PRP (All versions < V3.2.7), SCALANCE X204RNA EEC HSR (All versions < V3.2.7), SCALANCE X204RNA EEC PRP (All versions < V3.2.7), SCALANCE X204RNA EEC PRP/HSR (All versions < V3.2.7). The webserver of an affected...
CVE-2023-3329
SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting syste...
CVE-2023-3329
CVE-2023-3329 affects SpiderControl SCADA Webserver versions 2.08 and prior. The vulnerability is a path traversal (CWE-22) flaw in the HMI file upload feature, allowing an attacker with administrative privileges to overwrite files on the webserver, potentially creating size-zero files anywhere a...
SpiderControl SCADA Webserver Path Traversal Vulnerability
iniNet Solutions SpiderControl SCADA Webserver is a server from iniNet Solutions. A path traversal vulnerability exists in SpiderControl SCADA Webserver version 2.08 and prior versions, which can be exploited by an attacker with administrative privileges to overwrite files on a web server using t...
Denial Of Service (DoS)
ethyca-fides is vulnerable to Denial of Service (DoS). The vulnerability exists due to a lack of validation in the template upload feature, which allows an attacker with the CONNECTORTEMPLATEREGISTER scope to upload a malicious zip bomb file, causing the Fides webserver to run out of resources...
GHSA-3RW2-WFC8-WMJ5 Fides Webserver Vulnerable to SVG Bomb File Uploads
Impact: The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs, similar to a billion laughs attack, causing resource exhaustion in Admin UI browser tabs and creating a persistent denial...
Fides Webserver Vulnerable to SVG Bomb File Uploads
Impact: The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs, similar to a billion laughs attack, causing resource exhaustion in Admin UI browser tabs and creating a persistent denial...
Fides Webserver Vulnerable to Zip Bomb File Uploads
Impact: The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This...