Kmhlyxj0

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.7.0 **Description** The issue is related to insufficient validation of incoming requests, allowing an authenticated user with Connection edit privileges to access connection information and exploit the test connection feature. This can lead to a denial of service (DoS) condition on the server by sending many requests. Malicious actors can also establish harmful connections with the server. **Recommendations** For versions prior to 2.7.0, upgrade to version 2.7.0 or newer to mitigate the risk associated with this issue. As a temporary workaround, consider restricting access to the test connection feature until a patch is available. Administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow ODBC Provider versions prior to 4.0.0 **Description** A privilege escalation vulnerability exists due to controllable ODBC driver parameters in OdbcHook, allowing the loading of arbitrary dynamic-link libraries and resulting in command execution. This issue is related to improper neutralization of argument delimiters in a command, also known as 'Argument Injection'. The vulnerability enables the execution of commands, potentially leading to system compromise. **Recommendations** For versions prior to 4.0.0, consider restricting access to the OdbcHook and limiting the ability to load dynamic-link libraries until a fixed version is available. As a temporary workaround, restrict the use of controllable ODBC driver parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TG Soft Vir.IT eXplorer version 9.4.86.0 **Description** A problematic issue affects the function `0x82730088` in the library `VIRAGTLT.sys` of the component IoControlCode Handler, leading to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. **Recommendations** For version 9.4.86.0, upgrade to version 9.5 to address this issue. As a temporary workaround, consider disabling the `0x82730088` function in the `VIRAGTLT.sys` library until the upgrade is applied. Restrict access to the IoControlCode Handler component to minimize the risk of exploitation.