1063 matches found
amazon-sagemaker-jupyter-scheduler (>=3.2.1 <=3.2.2), argo-jupyter-scheduler (>=0.0.1 <=2024.6.1rc1) +3 more potentially affected by CVE-2024-28188 via jupyter-scheduler (=2.12.0)
jupyter-scheduler PYPI version =2.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-scheduler and may be impacted: - amazon-sagemaker-jupyter-scheduler =3.2.1, =0.0.1, =0.1.0, =1.4.16, =1.2.0, =1.3.10 Source cves: CVE-2024-28188 Source...
GHSA-952P-6RRQ-RCJV vulnerabilities
Vulnerabilities for packages: lerna, opensearch-dashboards, kubeflow-pipelines, renovate, ts-patch, argo-workflows, opensearch-dashboards-fips, kibana...
CVE-2024-4067 vulnerabilities
Vulnerabilities for packages: lerna, opensearch-dashboards, kubeflow-pipelines, renovate, ts-patch, argo-workflows, opensearch-dashboards-fips, kibana...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7649 more potentially affected by CVE-2024-29857 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)
org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2024-29857 Source...
Qualys Launches MSSP Portal to Empower Managed Security Service Providers
In the words of Sun Tzu, "In the midst of chaos, there is also opportunity." This aptly captures the essence of today's cybersecurity landscape. Managed Security Service Providers (MSSPs) stand at the forefront, turning chaos into opportunity by securing digital assets across the entire infrastructure...
GHSA-WMXC-V39R-P9WF Temporal Server Denial of Service
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
CVE-2024-2689 Denial of Service if invalid UTF-8 sent
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
CVE-2024-2689
Summary: CVE-2024-2689 is a Temporal Server DoS affecting versions 1.20.5, 1.21.6 and 1.22.7 where an authenticated user with workflow permissions can submit an invalid UTF-8 string to trigger a crashloop, causing queue lag and eventual resource exhaustion. The logs may reveal the failing workflo...
AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances...
CVE-2024-27920
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...
CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...
CVE-2024-27920
The CVE covers projectdiscovery/nuclei where unsigned code templates could be executed via workflows in Nuclei v3. Root cause: oversight in workflow execution that allows executing unsigned templates. Impact: local execution with high severity per listed metrics; effects are mitigation-dependent ...
GHSA-W5WX-6G2R-R78Q Nuclei allows unsigned code template execution through workflows
Overview: A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
Nuclei allows unsigned code template execution through workflows
Overview: A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: caddy, falcoctl, slsa-verifier, zarf, timestamp-authority, dex, guac, temporal, cloudflared, gomplate, nerdctl, temporal-ui-server, sigstore-scaffolding, cosign, policy-controller, vexctl, melange, kargo, argo-workflows, skopeo, ko, kube-rbac-proxy, weaviate,...
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: kine, caddy, trillian-fips, k3s, caddy-fips, kube-bench, ferretdb, src, trillian, step-ca, kube-bench-fips, kots, keda-fips, spicedb, temporal-server, amass, argo-workflows-fips, falcosidekick-fips, temporal-server-fips, argo-workflows,...
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: caddy, kine, argo-workflows, k3s, ferretdb, src, kots, step-ca, temporal-server, spicedb, trillian, kube-bench, amass, step...
CVE-2024-27289 vulnerabilities
Vulnerabilities for packages: caddy, argo-workflows, kots, step-ca, trillian, step...