4550 matches found

HackRead
added 2024/08/22 11:12 a.m., 11 views

Transform Your CAD Workflow with Parametric Modeling

Designers and engineers are always searching for tools to speed up their work and create more complex designs.…...

7.3 AI score
Exploits: 0

OSV
added 2024/08/21 4:3 p.m., 9 views

GO-2022-0928 Workflow re-write vulnerability using input parameter in github.com/argoproj/argo-workflows

Workflow re-write vulnerability using input parameter in github.com/argoproj/argo-workflows...

6.5 CVSS, 6.4 AI score, 0.00963 EPSS
Exploits: 1, References: 6

OSV
added 2024/08/21 2:30 p.m., 6 views

GO-2023-2422 Deis Workflow Manager race condition vulnerability in github.com/deis/workflow-manager

Deis Workflow Manager race condition vulnerability in github.com/deis/workflow-manager...

7.5 CVSS, 7.4 AI score, 0.00396 EPSS
Exploits: 0, References: 7

Cvelist
added 2024/08/20 9:16 p.m., 17 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS, 0.0052 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2024/08/20 9:16 p.m., 18 views

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/update...

8.8 CVSS, 6.9 AI score, 0.0052 EPSS
Exploits: 0, References: 2

Metasploit
added 2024/08/19 6:51 p.m., 272 views

Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)

This module exploits a SQL injection vulnerability in Fortra FileCatalyst Workflow use auxiliary/admin/http/fortrafilecatalystworkflowsqli msf auxiliaryfortrafilecatalystworkflowsqli show actions ...actions... msf auxiliaryfortrafilecatalystworkflowsqli set ACTION msf...

9.8 CVSS, 9.6 AI score, 0.90067 EPSS
Exploits: 5

OSV
added 2024/08/17 9:15 a.m., 1 views

DEBIAN-CVE-2024-42311

In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 ===================================================== BUG:...

5.5 CVSS, 5.6 AI score, 0.00274 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2024/08/14 8:53 p.m., 10 views

GitHub Actions Script Injection in `ultralytics/actions`

Summary: The Ultralytics action available at https://github.com/marketplace/actions/ultralytics-actions is vulnerable to GitHub Actions script injection. If anyone uses the action within a workflow that runs on the pull_request_target trigger, then an attacker can inject arbitrary code into that...

8.2 AI score
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/08/14 8:53 p.m., 10 views

GHSA-7X29-QQMQ-V6QC GitHub Actions Script Injection in `ultralytics/actions`

Summary: The Ultralytics action available at https://github.com/marketplace/actions/ultralytics-actions is vulnerable to GitHub Actions script injection. If anyone uses the action within a workflow that runs on the pull_request_target trigger, then an attacker can inject arbitrary code into that...

9.3 CVSS, 8.2 AI score
Exploits: 0, References: 3

Github Security Blog
added 2024/08/12 6:25 p.m., 17 views

fish-shop/syntax-check Improper Neutralization of Delimiters

Impact: Improper neutralisation of delimiters in the pattern input (specifically the command separator ; and command substitution characters ( and )) mean that arbitrary command injection is possible by modification of the input value used in a workflow. This has the potential for exposure or exfiltrati...

6.5 CVSS, 7.3 AI score, 0.00821 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/08/12 6:25 p.m., 13 views

GHSA-XJ87-MQVH-88W2 fish-shop/syntax-check Improper Neutralization of Delimiters

Impact: Improper neutralisation of delimiters in the pattern input (specifically the command separator ; and command substitution characters ( and )) mean that arbitrary command injection is possible by modification of the input value used in a workflow. This has the potential for exposure or exfiltrati...

6.9 CVSS, 6.2 AI score, 0.00821 EPSS
Exploits: 0, References: 5

NVD
added 2024/08/12 4:15 p.m., 21 views

CVE-2024-42482

fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input (specifically the command separator ; and command substitution characters ( and )) mean that arbitrary command injection is possible by modification of the input...

6.5 CVSS, 0.00821 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2024/08/12 3:35 p.m., 16 views

CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters

fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input (specifically the command separator ; and command substitution characters ( and )) mean that arbitrary command injection is possible by modification of the input...

4.8 CVSS, 7.3 AI score, 0.00821 EPSS
Exploits: 0, References: 3

Cvelist
added 2024/08/12 3:35 p.m., 36 views

CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters

fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input (specifically the command separator ; and command substitution characters ( and )) mean that arbitrary command injection is possible by modification of the input...

4.8 CVSS, 0.00821 EPSS
Exploits: 0, References: 3

CVE
added 2024/08/12 3:35 p.m., 57 views

CVE-2024-42482

CVE-2024-42482 affects the GitHub action fish-shop/syntax-check used to validate fish shell files. The vulnerability arises from improper neutralization of delimiters in the pattern input, specifically the command separator ; and command substitution characters ( and ), enabling arbitrary command...

6.5 CVSS, 5.6 AI score, 0.00821 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/08/12 3:35 p.m., 23 views

CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters

fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input (specifically the command separator ; and command substitution characters ( and )) mean that arbitrary command injection is possible by modification of the input...

4.8 CVSS, 7.2 AI score, 0.00821 EPSS
Exploits: 0, References: 5

Redos
added 2024/08/12 12:0 a.m., 24 views

ROS-20240812-03

The vulnerability in GLPI's asset and data center management software is related to the injection of commands into a specific workflow that an agent would run with the privileges it uses. Exploitation of the vulnerability could allow an attacker acting remotely to escalate its...

7.6 CVSS, 7.5 AI score, 0.00799 EPSS
Exploits: 0

Cvelist
added 2024/08/09 6:29 p.m., 14 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3 CVSS, 0.00614 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2024/08/09 6:29 p.m., 14 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3 CVSS, 8.3 AI score, 0.00614 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2024/08/09 12:0 a.m., 5 views

PT-2024-29904 · Litestar · Litestar

Name of the Vulnerable Software and Affected Versions: Litestar versions 2.10.0 and prior Description: The issue is related to Environment Variable injection in Litestar's docs-preview.yml workflow, which may lead to secret exfiltration and repository manipulation. This grants a malicious actor...

8.3 CVSS, 8.2 AI score, 0.00614 EPSS
Exploits: 0, References: 13