10 matches found
SQL Injection
Overview dagster is a Dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute...
SQL Injection
Overview dagster-gcp is a Package for GCP-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...
SQL Injection
Overview dagster-deltalake is a Package for Deltalake-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL...
PT-2026-37118
Name of the Vulnerable Software and Affected Versions Dagster Core versions prior to 1.13.1 Dagster libraries versions prior to 0.29.1 Description DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers construct SQL WHERE clauses by interpolating dynamic partition key values into queries without...
CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...
CVE-2025-54122
Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery SSRF vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an...
Hedgehog SQL注入漏洞
Hedgehog is an open source dns-stats visualization tool for DNS statistics. Hedgehog has a SQL injection vulnerability , the vulnerability stems from a problem in the function DSCIOManager::dscimportinputfromsource in file src/DSCIOManager.cpp, which can lead to sql injection...
Callback technologies CBFS Filter handle_ioctl_83150 null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2022-1647 Callback technologies CBFS Filter handleioctl83150 null pointer dereference vulnerability November 22, 2022 CVE Number CVE-2022-43588 SUMMARY A null pointer dereference vulnerability exists in the handleioctl83150 functionality of Callback technologies...
Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager
Posted by James Forshaw, Project Zero This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and what I did to try to get it fixed with our partners at Microsoft. The maximum impact of the bug class is local privilege escalation if kernel and driver developers...
Microsoft Windows SMB Server (v1v2) - Mount Point Arbitrary Device Open Privilege Escalation
Microsoft Windows SMB Server v1v2 - Mount Point Arbitrary Device Open Privilege Escalation Windows: SMB Server v1 and v2 Mount Point Arbitrary Device Open EoP Platform: Windows 10 1703 and 1709 seems the same on 7 and 8.1 but not extensively tested Class: Elevation of Privilege Summary: The SMB...