80 matches found
CVE-2024-55550
CVE-2024-55550 affects Mitel MiCollab up to 9.8 SP2. The primary description indicates an authenticated administrator can perform a local file read due to insufficient input sanitization, exposing non-sensitive system information without modification or privilege escalation. The connected nuclei ...
CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...
CVE-2024-47189
The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...
CVE-2024-44112
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
CVE-2024-44112
CVE-2024-44112 affects SAP for Oil & Gas (Transportation and Distribution). The root cause is a missing authorization check on a remote-enabled function, allowing an authenticated non-administrative user to delete non-sensitive entries in a user data table. The vulnerability is described as havin...
CVE-2024-42377
SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...
CVE-2024-37180
Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on...
CVE-2024-28164
SAP NetWeaver AS Java CAF - Guided Procedures allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application...
CVE-2024-28134 PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...
CVE-2024-28134
Phoenix Contact CHARX SEC-3100 (up to v1.5.1) is affected by an unauthenticated MitM vulnerability where sensitive data is transmitted in cleartext, enabling an attacker to extract a session token and gain web-based management access with the privileges of the current user. Impact is limited to n...
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...
Apache Airflow 安全漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow versions 2.7.0...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in the lack of protection for operational data, allowing attackers to obtain confidential information.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to expose sensitive information, provided...
GHSA-FPXX-XV4C-GXQP Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the exposeconfig option is set to non-sensitive-only. The exposeconfig option is False by default. It is recommended to upgrade to a...
PYSEC-2023-204
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default.It is recommended to upgrade to a...
CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...
CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...
PT-2023-8626 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.7.0 through 2.7.1 Description: The issue allows an authenticated user to retrieve sensitive configuration information when the expose config option is set to "non-sensitive-only". The expose config option is False by...