10 matches found

Snyk
added 2026/04/24 3:32 p.m. · 7 views

Insufficient Granularity of Access Control

Overview: Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the /ui/dags endpoint, which fails to enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records. An attacker can access sensitive HITL prompts and TaskInstan...

5.3 CVSS · 5.8 AI score · 0.00065 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-16723

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graph_json.php request with a modified local_graph_id...

4.3 CVSS · 6.4 AI score · 0.00268 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/08/12 2:10 a.m. · 1 views

SUSE CVE-2023-37543

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723...

7.5 CVSS · 9.2 AI score · 0.00659 EPSS
Exploits 0 · References 3
OSV
added 2023/08/10 3:15 p.m. · 1 views

DEBIAN-CVE-2023-37543

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723...

7.5 CVSS · 8.2 AI score · 0.00659 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2023/08/10 3:15 p.m. · 2 views

CVE-2023-37543

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723...

7.5 CVSS · 6.4 AI score · 0.00659 EPSS
Exploits 0 · References 4
OSV
added 2023/08/10 3:15 p.m. · 0 views

UBUNTU-CVE-2023-37543

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723...

7.5 CVSS · 7.2 AI score · 0.00659 EPSS
Exploits 0 · References 4
CNNVD
added 2022/11/22 12:0 a.m. · 3 views

Apache Airflow OS Command Injection Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow Spark Provider versions prior to 4.0.0...

5.5 CVSS · 6.2 AI score · 0.01131 EPSS
Exploits 0 · References 3
OSV
added 2019/09/23 3:15 p.m. · 1 views

DEBIAN-CVE-2019-16723

In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graph_json.php request with a modified local_graph_id parameter...

4.3 CVSS · 5.8 AI score · 0.00268 EPSS
Exploits 0 · References 1
Positive Technologies
added 2019/09/23 12:0 a.m. · 3 views

PT-2019-5225 · Cacti +2

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.7. Description: The issue is related to an authorization check error in the local graph id function of the Cacti server monitoring system. This allows a remote attacker to potentially access confidential data by...

9.8 CVSS · 6.1 AI score · 0.94469 EPSS
Exploits 163 · References 248
Tenable Nessus
added 2010/11/15 12:0 a.m. · 27 views

Fedora 12 : bugzilla-3.4.9-1.fc12 (2010-17235)

The following security issues have been discovered in Bugzilla: (1) There is a way to inject both headers and content to users, causing a serious Cross-Site Scripting vulnerability. (2) It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you cou...

5 CVSS · 5.4 AI score · 0.02934 EPSS
Exploits 1 · References 8