12 matches found
Information Exposure
Overview apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Information Exposure in the error messages in the UI when a DAG fails during parsing. A user can obtain sensitive information from kwargs passed t...
Information Exposure
Overview apache-airflow-task-sdk is the Apache Airflow Task SDK, which includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Information Exposure in the error messages in the UI when a DAG fails during parsing. A user can obtain...
Apache Airflow Security Vulnerability
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Versions of Apache Airflow prior to 3.1.4 and 2.11.1...
EUVD-2021-10253
Malware in sbrugna...
CVE-2020-11631
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. This is exploitable...
CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Flask-AppBuilder is an application development framework built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add, edit User forms, trigger a database error; this error is surfaced back to this actor on t...
CVE-2013-2612
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI...
CVE-2013-2612
Huawei E587 3G Mobile Hotspot (firmware 11.203.27) is affected by a command injection in the Web UI. The vulnerable HTTP endpoint is /api/device/time, where unsanitized input allows an attacker to execute arbitrary shell commands with root privileges. This CVE-2013-2612 entry is supported by mult...
CVE-2017-7143
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal...
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal...
CVE-2017-7143
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal...
CVE-2017-7143
CVE-2017-7143 affects macOS before 10.13 in the Captive Network Assistant, where a UI state/portal handling issue can cause cleartext passwords to be transmitted over the network in opportunistic scenarios. The connected Apple security content page HT208144 confirms the vulnerable compone...