Lucene search
K

80 matches found

CVE
CVE
added 2024/12/10 12:0 a.m.229 views

CVE-2024-55550

CVE-2024-55550 affects Mitel MiCollab up to 9.8 SP2. The primary description indicates an authenticated administrator can perform a local file read due to insufficient input sanitization, exposing non-sensitive system information without modification or privilege escalation. The connected nuclei ...

4.4CVSS6.5AI score0.38104EPSS
In wildExploits0References3Affected Software1
Cvelist
Cvelist
added 2024/12/10 12:0 a.m.29 views

CVE-2024-55550

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...

0.38104EPSS
Exploits0References2
NVD
NVD
added 2024/10/21 8:15 p.m.20 views

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

7.7CVSS0.004EPSS
Exploits0References1
NVD
NVD
added 2024/09/10 4:15 a.m.11 views

CVE-2024-44112

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3CVSS0.0025EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/10 4:3 a.m.24 views

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3CVSS0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/10 4:3 a.m.11 views

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3CVSS7AI score0.0025EPSS
Exploits0References2
CVE
CVE
added 2024/09/10 4:3 a.m.48 views

CVE-2024-44112

CVE-2024-44112 affects SAP for Oil & Gas (Transportation and Distribution). The root cause is a missing authorization check on a remote-enabled function, allowing an authenticated non-administrative user to delete non-sensitive entries in a user data table. The vulnerability is described as havin...

4.3CVSS4.5AI score0.0025EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/13 4:15 a.m.3 views

CVE-2024-42377

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...

4.3CVSS5.8AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2024/07/09 5:15 a.m.6 views

CVE-2024-37180

Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on...

5.3CVSS5.8AI score0.00302EPSS
Exploits0References2
OSV
OSV
added 2024/06/11 3:15 a.m.4 views

CVE-2024-28164

SAP NetWeaver AS Java CAF - Guided Procedures allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application...

5.3CVSS5.8AI score0.00326EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/14 8:9 a.m.25 views

CVE-2024-28134 PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...

7CVSS6.7AI score0.00492EPSS
Exploits0References1
CVE
CVE
added 2024/05/14 8:9 a.m.57 views

CVE-2024-28134

Phoenix Contact CHARX SEC-3100 (up to v1.5.1) is affected by an unauthenticated MitM vulnerability where sensitive data is transmitted in cleartext, enabling an attacker to extract a session token and gain web-based management access with the privileges of the current user. Impact is limited to n...

7CVSS6.7AI score0.00492EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/18 9:30 a.m.44 views

Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

5.3CVSS6.7AI score0.01049EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.4 views

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow versions 2.7.0...

5.3CVSS6.1AI score0.01049EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/02/14 12:0 a.m.8 views

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in the lack of protection for operational data, allowing attackers to obtain confidential information.

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to expose sensitive information, provided...

4.3CVSS5.5AI score0.01232EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/14 12:30 p.m.3 views

GHSA-FPXX-XV4C-GXQP Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the exposeconfig option is set to non-sensitive-only. The exposeconfig option is False by default. It is recommended to upgrade to a...

4.3CVSS5.8AI score0.01232EPSS
Exploits0References7
PyPA
PyPA
added 2023/10/14 10:15 a.m.8 views

PYSEC-2023-204

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default.It is recommended to upgrade to a...

4.3CVSS6.4AI score0.01232EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/10/14 9:46 a.m.30 views

CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...

4.3CVSS5.9AI score0.01232EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/10/14 9:46 a.m.22 views

CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...

4.2AI score0.01232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/14 12:0 a.m.3 views

PT-2023-8626 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.7.0 through 2.7.1 Description: The issue allows an authenticated user to retrieve sensitive configuration information when the expose config option is set to "non-sensitive-only". The expose config option is False by...

4.3CVSS6.7AI score0.01232EPSS
Exploits0References18
Rows per page
Query Builder