
24 matches found

RedhatCVE
added 2026/06/05 7:16 p.m., 5 views

CVE-2026-42297

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

8.5 CVSS, 5.3 AI score, 0.00457 EPSS
Exploits: 1, References: 1
Veracode
added 2026/05/16 5:25 a.m., 8 views

Missing Authorization

github.com/argoproj/argo-workflows is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the Sync Service's ConfigMap-backed provider, which allows an attacker to create, read, update, and delete synchronization-related Kubernetes ConfigMaps without...

8.5 CVSS, 5.2 AI score, 0.00457 EPSS
Exploits: 1, References: 4, Affected Software: 1
Positive Technologies
added 2026/05/12 12:0 a.m., 8 views

PT-2026-40273

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/sync cm.go performs zero authorization checks on all CRUD operations create, read,...

8.5 CVSS, 5.7 AI score, 0.00457 EPSS
Exploits: 1, References: 5
NVD
added 2026/05/09 4:16 a.m., 15 views

CVE-2026-42297

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

8.5 CVSS, 0.00457 EPSS
Exploits: 1, References: 3
ATTACKERKB
added 2026/05/09 3:42 a.m., 4 views

CVE-2026-42297

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

8.5 CVSS, 5.7 AI score, 0.00457 EPSS
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2026/05/09 12:0 a.m., 8 views

Argo Workflows Security Vulnerability

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had a security vulnerability. This vulnerability stemmed from the ConfigMap-backed provider in the Sync Service not performing authorization checks...

8.5 CVSS, 5.8 AI score, 0.00457 EPSS
Exploits: 1, References: 1
Github Security Blog
added 2026/05/04 8:0 p.m., 8 views

Argo has Missing Authorization in its Sync ConfigMap Provider

Summary: The Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read, update, delete. Any authenticated user — including those using fake Bearer tokens — can create, read, update, and delete Kubernetes ConfigMaps...

8.5 CVSS, 6.8 AI score, 0.00457 EPSS
Exploits: 1, References: 5, Affected Software: 1
Snyk
added 2026/05/04 8:0 p.m., 4 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the configMapSyncProvider process. An attacker can create, read, update, or delete Kubernetes ConfigMaps containing synchronization limits by sending crafted requests with any Bearer token, including fake tokens...

9.9 CVSS, 5.8 AI score, 0.00457 EPSS
Exploits: 1, References: 2
NVD
added 2026/03/10 5:40 p.m., 3 views

CVE-2026-30870

PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...

6.5 CVSS, 0.00201 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/09 10:31 p.m., 3 views

CVE-2026-30870

PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...

6.5 CVSS, 5.8 AI score, 0.00201 EPSS
Exploits: 0, References: 2, Affected Software: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-34355

Malicious code in bioql PyPI...

10 CVSS, 8.7 AI score, 0.00673 EPSS
Exploits: 0, References: 1
NCSC
added 2025/02/04 9:10 a.m., 17 views

Vulnerabilities fixed in Zimbra Collaboration

Zimbra has fixed several vulnerabilities in Zimbra Collaboration. The vulnerabilities included an SQL injection in the ZimbraSyncService SOAP endpoint and an SSRF vulnerability in the RSS feed parser that allowed unauthorized access and manipulation of the database, as well as unauthorized...

8.8 CVSS, 7.9 AI score, 0.34355 EPSS
Exploits: 0, References: 4
NCSC
added 2024/06/11 6:15 p.m., 5 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in Azure products. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to grant themselves elevated privileges and potentially perform actions with administrator privileges. The most serious vulnerability has been assigned...

8.1 CVSS, 7.5 AI score, 0.02464 EPSS
Exploits: 0
Citrix
added 2023/11/22 12:0 a.m., 10 views

Citrix Delivery Controllers generates Event ID 505 and Event ID 3602 continuously

Upgrading CVAD version to 2308 generates "Citrix ConfigSync Service" with "Event ID 505" and "Citrix High Availability Service" with "Event ID 3602". The Citrix Config Sync Service failed an import. Error details: Error importing configuration data into secondary Broker...

7.2 AI score
Exploits: 0
NVD
added 2023/05/31 10:15 a.m., 19 views

CVE-2023-2909

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below...

10 CVSS, 9 AI score, 0.00673 EPSS
Exploits: 0, References: 1
OSV
added 2023/05/31 10:15 a.m., 1 views

CVE-2023-2909

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below...

10 CVSS, 7.3 AI score, 0.00673 EPSS
Exploits: 0, References: 1
Prion
added 2023/05/31 10:15 a.m., 22 views

Design/Logic Flaw

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below...

7.5 CVSS, 9.3 AI score, 0.00673 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/05/31 9:26 a.m., 7 views

CVE-2023-2909 A Directory traversal vulnerability was found on EZ Sync service of ADM

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below...

8.5 CVSS, 7.1 AI score, 0.00673 EPSS
Exploits: 0, References: 1
CVE
added 2023/05/31 9:26 a.m., 37 views

CVE-2023-2909

CVE-2023-2909 describes a directory traversal vulnerability in the EZ Sync service of ASUSTOR ADM. The root cause is inadequate validation of user input, allowing an attacker to navigate outside the intended directory and delete files. Affected products/versions: ADM 4.0.6.REG2, 4.1.0 and earlier...

10 CVSS, 9.2 AI score, 0.00673 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/05/31 9:26 a.m., 21 views

CVE-2023-2909 A Directory traversal vulnerability was found on EZ Sync service of ADM

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below...

8.5 CVSS, 9.6 AI score, 0.00673 EPSS
Exploits: 0, References: 1