AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances...
CVE-2024-27920
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...
CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...
CVE-2024-27920
The CVE covers projectdiscovery/nuclei, where unsigned code templates could be executed via workflows in Nuclei v3. Root cause: oversight in workflow execution that allows executing unsigned templates. Impact: local execution with high severity per listed metrics; effects are mitigation-dependent ...
GHSA-W5WX-6G2R-R78Q Nuclei allows unsigned code template execution through workflows
Overview: A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
Nuclei allows unsigned code template execution through workflows
Overview: A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kube-rbac-proxy, rabbitmq-messaging-topology-operator, minio, temporal-ui-server, vexctl, temporal, cloudflared, kubernetes-dashboard, kubescape, sigstore-scaffolding, spire-server, melange, kargo, falco, apko, kots, zarf, weaviate, dgraph,...
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: step, src, kots, temporal-server, kine, caddy, kube-bench, k3s, spicedb, step-ca, argo-workflows, ferretdb, trillian, amass...
CVE-2024-27289 vulnerabilities
Vulnerabilities for packages: step, kots, caddy, step-ca, argo-workflows, trillian...
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: temporal-server, kots, keda-fips, amass, trillian, wavefront-collector-for-kubernetes, falcosidekick-fips, temporal-server-fips, src, kine, caddy-fips, step, step-ca, trillian-fips, kube-bench, kube-bench-fips, argo-workflows, k3s, argo-workflows-fips, ferretdb, cadd...
BIT-ARGO-WORKFLOWS-2021-37914
In Argo Workflows through 3.1.3, if EXPRESSIONTEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
BIT-ARGO-WORKFLOWS-2022-29164 Privilege Escalation in argo-workflows
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces an HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kubeadm-bootstrap-controller, envoy-ratelimit, pulumi, trust-manager, configmap-reload, cloudflared, crossplane-provider-aws-cloudformation, osv-scanner, kubernetes-csi-livenessprobe, nri-kubernetes, thanos, kubernetes-csi-driver-hostpath, kubeflow-pipelines,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kpt, osv-scanner, pgpool2exporter-fips, oauth2-proxy, ollama, kyverno-policy-reporter-kyverno-plugin, rook, kaniko, k8ssandra-operator, terraform, external-secrets-fips, stakater-reloader, opentofu, kube-fluentd-operator, prometheus-redis-exporter-fips, atlantis,...
Lessons from video game companies: automation unleashes robust monitoring & observability
Video game organizations need robust monitoring and observability solutions to stay one step ahead of cyber adversaries. Chances are, so do we all. In this blog post, we’ll delve into how monitoring and observability capabilities enable video game organizations to bolster their cybersecurity...
GHSA-7JWH-3VRQ-Q3M8 vulnerabilities
Vulnerabilities for packages: step, src, kots, temporal-server, kine, caddy, kube-bench, k3s, spicedb, step-ca, argo-workflows, ferretdb, trillian, amass...
GHSA-7JWH-3VRQ-Q3M8 vulnerabilities
Vulnerabilities for packages: temporal-server, kots, keda-fips, amass, trillian, wavefront-collector-for-kubernetes, falcosidekick-fips, temporal-server-fips, src, kine, caddy-fips, step, step-ca, trillian-fips, kube-bench, kube-bench-fips, argo-workflows, k3s, argo-workflows-fips, ferretdb, cadd...
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: temporal-server, kots, keda-fips, amass, trillian, wavefront-collector-for-kubernetes, falcosidekick-fips, temporal-server-fips, src, kine, caddy-fips, step, step-ca, trillian-fips, kube-bench, kube-bench-fips, argo-workflows, k3s, argo-workflows-fips, ferretdb, cadd...