
1063 matches found

Qualys Blog
added 2023/03/02 12:05 p.m. · 30 views

Qualys VMDR & Jira Integration Now Available

The increasing number of vulnerabilities poses a significant challenge for most organizations trying to effectively manage and mitigate cyber risks. According to NVD, the number of vulnerabilities in 2022 increased by approximately 25% as compared to 2021. As we are at the start of March, the...

0.6 AI score
Exploits: 0
Wiz blog
added 2023/02/28 4:34 p.m. · 9 views

Enhanced policy management with GitOps and Terraform

Wiz announces new GitOps workflows and Terraform provider, enabling customers to manage policies as code...

6.9 AI score
Exploits: 0
The Coalfire Blog
added 2023/02/07 7:42 p.m. · 15 views

End the compliance management blues

Coalfire teamed up with one of the world's leading security technology engineering firms, anecdotes, to expand Compliance Essentials capabilities - automating compliance workflows and risks, evidence collection, and audit execution. All within one platform...

3.2 AI score
Exploits: 0
Vulnrichment
added 2023/02/03 12:00 a.m. · 2 views

CVE-2023-24029

In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

7.1 AI score · 0.00887 EPSS
Exploits: 0 · References: 2
The Hacker News
added 2023/01/31 12:46 p.m. · 40 views

You Don't Know Where Your Secrets Are

Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 9...

7 AI score
Exploits: 0
OSV
added 2023/01/09 5:15 p.m. · 3 views

CVE-2022-46258

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...

6.5 CVSS · 5.8 AI score · 0.0056 EPSS
Exploits: 0 · References: 4
CNNVD
added 2023/01/02 12:00 a.m. · 5 views

Sipity SQL Injection Vulnerability

Sipity is an open source plugin-ready and extensible Rails application from Hesburgh Libraries of Notre Dame. It is used to model approval-based workflows. Sipity suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to perform a SQL injection attack...

9.8 CVSS · 6.8 AI score · 0.00681 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2022/12/26 12:00 a.m. · 4 views

PT-2022-11695 · Brave · Brave Ux

Name of the Vulnerable Software and Affected Versions: Brave UX for-the-badge affected versions not specified Description: A critical issue was found in Brave UX for-the-badge, affecting some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command...

9.8 CVSS · 5.5 AI score · 0.01783 EPSS
Exploits: 0 · References: 8
CNVD
added 2022/11/17 12:00 a.m. · 28 views

Apache Airflow Input Validation Error Vulnerability (CNVD-2022-78860)

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow versions prior to 2.4.3 are vulnerable to an input validation error that stems from an open redirect in the...

6.1 CVSS · 2.8 AI score · 0.79826 EPSS
Exploits: 0 · References: 1
CNVD
added 2022/11/17 12:00 a.m. · 27 views

Apache Airflow code injection vulnerability

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow has a code injection vulnerability; the vulnerability stems from the user input structure during the...

8.8 CVSS · 3.4 AI score · 0.85653 EPSS
Exploits: 2 · References: 1
Microsoft KB
added 2022/11/08 8:00 a.m. · 57 views

Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002267)

Description of the security update for SharePoint Foundation 2013: September 13, 2022 KB5002267 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the...

8.8 CVSS · 8 AI score · 0.52885 EPSS
Exploits: 0
Microsoft KB
added 2022/11/08 8:00 a.m. · 101 views

Description of the security update for SharePoint Server 2019: September 13, 2022 (KB5002258)

Description of the security update for SharePoint Server 2019: September 13, 2022 KB5002258 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the vulnerabilities...

8.8 CVSS · 8.1 AI score · 0.52885 EPSS
Exploits: 0
Microsoft KB
added 2022/11/08 8:00 a.m. · 55 views

Description of the security update for SharePoint Enterprise Server 2016: September 13, 2022 (KB5002269)

Description of the security update for SharePoint Enterprise Server 2016: September 13, 2022 KB5002269 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the...

8.8 CVSS · 8.3 AI score · 0.52885 EPSS
Exploits: 0
NVD
added 2022/10/25 5:15 p.m. · 8 views

CVE-2022-39326

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

8.8 CVSS · 0.01201 EPSS
Exploits: 0 · References: 3
Prion
added 2022/10/25 5:15 p.m. · 15 views

Code injection

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

6.5 CVSS · 8.7 AI score · 0.01201 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2022/10/25 12:00 a.m. · 5 views

github-workflows Code Injection Vulnerability

github-workflows is a shared reusable workflow for GitHub Actions for Kartverket individual developers. A security vulnerability exists in github-workflows versions prior to 2.7.5, which stems from being affected by code injection, where a malicious actor may send a PR with a malicious load, whic...

8.8 CVSS · 8.2 AI score · 0.01201 EPSS
Exploits: 0 · References: 4
Cvelist
added 2022/10/25 12:00 a.m. · 24 views

CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

8.8 CVSS · 9 AI score · 0.01201 EPSS
Exploits: 0 · References: 3
CVE
added 2022/10/25 12:00 a.m. · 57 views

CVE-2022-39326

CVE-2022-39326 affects the kartverket/github-workflows repository's run-terraform reusable workflow. Before version 2.7.5, a malicious pull request could inject code that executes arbitrary JavaScript in the workflow context. Impact is described as code execution within the GitHub Actions workflo...

8.8 CVSS · 8.8 AI score · 0.01201 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2022/10/25 12:00 a.m. · 22 views

CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

8.8 CVSS · 8.6 AI score · 0.01201 EPSS
Exploits: 0 · References: 5
Github Security Blog
added 2022/10/19 6:54 p.m. · 18 views

run-terraform allows for RCE via terraform plan

Impact What kind of vulnerability is it? Who is impacted? All users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the contex...

8.8 CVSS · 8.4 AI score · 0.01201 EPSS
Exploits: 0 · References: 5 · Affected Software: 1