22 matches found
Apache Airflow < 3.1.6 Information Disclosure
The version of Apache Airflow installed on the remote host is prior to 3.1.6. It is, therefore, affected by an information disclosure vulnerability: - The proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not...
CVE-2020-37139
Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the applicatio...
EUVD-2020-31028
Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the applicatio...
CVE-2020-37139
Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the applicatio...
PT-2026-6582
Name of the Vulnerable Software and Affected Versions Odin Secure FTP Expert version 7.6.3 Description The software contains a local denial of service issue that allows attackers to crash the application by manipulating site information fields. An attacker can trigger a buffer overflow by pasting...
BIT-AIRFLOW-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
CVE-2025-68675
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
PYSEC-2026-10
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
CVE-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
CVE-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
CVE-2025-68675
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
CVE-2021-47771
RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full...
Konica Bizhub Multifunction Printers Cross-site Scripting (CVE-2025-5884)
Cross-site scripting vulnerability CWE94, CWE-79 was found in the specific input fields of the Web Connection. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504858; scriptversion"1.2"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/02/20";...
Information Disclosure
Apache Airflow is vulnerable to Information Disclosure. The vulnerability is due to improper access control in handling sensitive connection fields, allowing users with read permissions to view sensitive data through the API and UI...
BIT-AIRFLOW-2025-54831 Apache Airflow: Connection sensitive details exposed to users with READ permissions
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
CVE-2025-54831
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
PYSEC-2025-85
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values.In Airflow 3.0.3, this model was unintentional...
CVE-2025-54831
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
PYSEC-2025-85
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
CVE-2025-54831 Apache Airflow: Connection sensitive details exposed to users with READ permissions
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...