CVE-2023-36816
The CVE concerns the 2FAuth web application, where an XSS vulnerability exists in the account/service field. According to the provided records, the issue was demonstrated in a docker-compose test environment and has been patched as of version 4.0.3. The root cause is an input handling flaw that a...
CVE-2023-36816 Cross-Site Scripting (XSS) at Account creation in 2FAuth
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross-site scripting (XSS) injection can be done via the account/service field. This was tested in a docker-compose environment. This vulnerability has been patched in version 4.0.3...
Exploit for OS Command Injection in Cacti
Cacti v1.2.24 authenticated command injection CVE-2023-39362...
Debian: Security Advisory (DLA-3473-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Critical Photon OS Security Update - PHSA-2023-4.0-0417
Updates of 'kube-bench', 'docker-compose', 'libXi', 'bindutils', 'libtiff', 'ntp', 'samba-client', 'protobuf', 'libarchive', 'binutils-aarch64-linux-gnu', 'binutils', 'nodejs' packages of Photon OS have been released...
CVE-2023-34844
Play With Docker 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape...
Code injection
Play With Docker 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape...
[SECURITY] [DLA 3473-1] docker-registry security update
Debian LTS Advisory DLA-3473-1 https://www.debian.org/lts/security/ Bastien Roucariès June 29, 2023 https://wiki.debian.org/LTS -...
Play With Docker Security Vulnerability
Play With Docker is an easy, interactive and fun training ground for learning Docker. A security vulnerability exists in Play With Docker versions prior to 0.0.2 that stems from an insecure CAP_SYS_ADMIN privilege pattern that causes Docker containers to escape...
CVE-2023-34844
CVE-2023-34844 affects Play With Docker, where versions prior to 0.0.2 expose an insecure CAP_SYS_ADMIN privileged mode allowing a container escape. The root cause is improper privilege handling that enables elevation from within a container to host context. Documented impact is privileged escape...
Debian dla-3473 : docker-registry - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3473 advisory. Debian LTS Advisory DLA-3473-1 https://www.debian.org/lts/security/...
DLA-3473-1 docker-registry - security update
Bulletin has no description...
Mageia: Security Advisory (MGASA-2023-0207)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ownCloud: Cross-Site Request Forgery
A cross-site request forgery vulnerability was found in an application. Requests were not validating cross-site request forgery tokens, allowing an unauthorized user to perform administration functions by inserting valid session cookies into arbitrary requests. This could have enabled an attacker...