4541 matches found
Design/Logic Flaw
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
The vulnerability of the implementations of Time Off, Time Sheet, EC Workflow, and Benefits modules of the SAP SuccessFactors Mobile human resources management platform allows a violator to increase their privileges.
The vulnerability of the implementations of Time Off, Time Sheet, EC Workflow, and Benefits modules of the SAP SuccessFactors Mobile human resources management platform for Android and iOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow a...
check-spelling workflow vulnerable to token leakage via symlink attack
Impact For a repository with the check-spelling action enabled that triggers on pullrequesttarget or schedule, an attacker can send a crafted Pull Request that causes a GITHUBTOKEN to be exposed. With the GITHUBTOKEN, it's possible to push commits to the repository bypassing standard approval...
GHSA-G86G-CHM8-7R2P check-spelling workflow vulnerable to token leakage via symlink attack
Impact For a repository with the check-spelling action enabled that triggers on pullrequesttarget or schedule, an attacker can send a crafted Pull Request that causes a GITHUBTOKEN to be exposed. With the GITHUBTOKEN, it's possible to push commits to the repository bypassing standard approval...
PYSEC-2022-43136
WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...
PYSEC-2022-43163
WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
CVE-2022-35291 Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application(Android & iOS)
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
Oracle E-Business Suite (Jul 2022 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the Oracle E-Business Suite Information Discovery product of Oracle E-Business Suite component: Packaging issues Apache...
Fedora: Security Advisory for git-octopus (FEDORA-2022-3e1ade35db)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Use Qualys Flow to Automate Detection & Remediation with No-code Workflows
The threat landscape is rapidly and constantly evolving. New software vulnerabilities and service misconfigurations are discovered daily, and exploits targeting them are often released within hours. For effective security, pursuing the automation of both detection and remediation processes is...
Vulnerabilities fixed in Oracle E-Business Suite
Oracle has fixed vulnerabilities in the following E-Business Suite applications: - Oracle Workflow - Oracle E-Business Suite Information Discovery - Oracle iReceivables - Oracle iRecruitment - Oracle Applications Framework - Oracle User Management The vulnerabilities potentially enable a maliciou...
CVE-2022-21567
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of...
CVE-2022-21567
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of...
CVE-2022-21567
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of...
Design/Logic Flaw
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of...
CVE-2022-21567
CVE-2022-21567 affects Oracle E-Business Suite, Worklist component (Oracle Workflow). Affected versions: 12.2.3–12.2.11. Description: unauthenticated attacker over HTTP can access Oracle Workflow data, with potential data exposure or broader access. CVSS v3.1 base score 7.5 (High). Mitigation: pa...
CVE-2022-21567
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of...
CVE-2022-21567
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of...
PT-2022-4565 · Oracle · Oracle Workflow +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.11 Description: The issue exists due to insufficient input validation in the Worklist component of the Oracle Workflow product. This allows a remote attacker to gain unauthorized access to...