4546 matches found
CVE-2024-21623
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
Sql injection
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
Potential Actions command injection in output filenames (GHSL-2023-275)
Summary The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details The verify-changed-files workflow returns the list of files changed within a workflow execution. This could...
GHSA-GHM2-RQ8Q-WRHC Potential Actions command injection in output filenames (GHSL-2023-275)
Summary The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details The verify-changed-files workflow returns the list of files changed within a workflow execution. This could...
PT-2024-18975
Name of the Vulnerable Software and Affected Versions OTCLient versions prior to commit db560de0b56476c87a2f967466407939196dd254 Description The issue concerns an expression injection vulnerability in the /mehah/otclient "Analysis - SonarCloud" workflow, allowing an attacker to run commands...
Race Condition
github.com/deis/workflow-manager is vulnerable to Race Condition. The vulnerability is caused when the shared resource parameter clusterid is called concurrently. An attacker can potentially modify a shared resource by exploiting this vulnerability...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)
Summary There is a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been...
CVE-2023-36486
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
CVE-2023-36486
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...
CVE-2023-36486
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
Design/Logic Flaw
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...
Design/Logic Flaw
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
SUSE CVE-2023-49791
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an...
CVE-2023-36486
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...
Apache Airflow Security Bypass Vulnerability (CNVD-2024-0101425)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security bypass vulnerability exists in Apache Airflow versions prior to 2.8.0,...