JetBrains YouTrack Security Vulnerability
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from a securit...
GHSA-MMHX-HMJR-R674 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, opensearch-dashboards-fips, argo-workflows...
GHSA-MMHX-HMJR-R674 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2024-45801 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, opensearch-dashboards-fips, argo-workflows...
CVE-2024-45801 vulnerabilities
Vulnerabilities for packages: argo-workflows...
ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.1.0), ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7) +2674 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.12)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =1.12.0, =1.14.0 - ai.yda-framework:rest-spring-channel =0.1.0 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7...
Description of the security update for SharePoint Server 2019: September 10, 2024 (KB5002639)
Description of the security update for SharePoint Server 2019: September 10, 2024 KB5002639 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, and Microsoft SharePoint Server denial of service vulnerability. To learn more about the...
GHSA-9WV6-86V2-598J vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, grafana, sqlpad, grafana-11.0, vitess, kubeflow-centraldashboard, kubeflow-pipelines, thingsboard, grafana-fips, argo-workflows, opensearch-dashboards-fips, kibana...
CVE-2024-45296 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, grafana, sqlpad, grafana-11.0, vitess, kubeflow-centraldashboard, kubeflow-pipelines, thingsboard, grafana-fips, argo-workflows, opensearch-dashboards-fips, kibana...
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterpart...
Future-Proofing Legacy Media Workflows with Akamai Object Storage
...
GHSA-4VVJ-4CPR-P986 vulnerabilities
Vulnerabilities for packages: grafana-fips, grafana, grafana-11.0, argo-workflows...
GHSA-4VVJ-4CPR-P986 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2024-43788 vulnerabilities
Vulnerabilities for packages: grafana-fips, grafana, grafana-11.0, argo-workflows...
CVE-2024-43788 vulnerabilities
Vulnerabilities for packages: argo-workflows...
GO-2022-0405 Potential privilege escalation on Kubernetes >= v1.19 when the Argo Server is run with `--auth-mode=client` in github.com/argoproj/argo-workflows
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Server is run with `--auth-mode=client` in github.com/argoproj/argo-workflows...
GO-2022-0388 Argo Server TLS requests could be forged by attacker with network access in github.com/argoproj/argo-workflows
Argo Server TLS requests could be forged by attacker with network access in github.com/argoproj/argo-workflows...
CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters
fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input specifically the command separator ; and command substitution characters and mean that arbitrary command injection is possible by modification of the input...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...