9260 matches found
CVE-2023-0628 Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...
CVE-2023-0628
Docker Desktop before 4.17.0 is affected by an issue where an attacker can execute arbitrary commands inside a Dev Environments container during initialization by convincing a user to open a crafted docker-desktop:// URL. Affected product: Docker Desktop (Dev Environments container). Root cause i...
Docker Desktop 安全漏洞
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
PT-2023-1878 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.13.0 through 4.16.x Description: The issue allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock or npipe:////.pipe/docker engine linux on...
Docker Desktop 命令注入漏洞
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
PT-2023-2062 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.17.0 Description: The issue allows an attacker to execute arbitrary commands inside a Dev Environments container during initialization. This can be achieved by tricking a user into opening a crafted maliciou...
Fedora: Security Advisory for manifest-tool (FEDORA-2023-5312f6200c)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 38 Update: manifest-tool-2.0.8-1.fc38
This tool was mainly created for the purpose of viewing, creating, and pushing the new manifests list object type in the Docker registry. Manifest lists are defined in the v2.2 image specification and exist mainly for the purpose of supporting multi-architecture and/or multi-platform images withi...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
Vulnerable Application Open Web Analytics OWA before 1.7.4...
GHSA-GC89-7GCR-JXQC Buildkit credentials inlined to Git URLs could end up in provenance attestation
When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...
Buildkit credentials inlined to Git URLs could end up in provenance attestation
When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...
Security Bulletin: Multiple Security vulnerabilities fixed and shipped with IBM Security Verify Bridge (Docker version) (CVE-2022-2175, CVE-2022-2526, CVE-2022-40674, CVE-2022-3515)
Summary IBM Security Verify Bridge docker version fixed the vulnerabilities listed below. The vulnerable components have been updated to fixed versions. Vulnerability Details CVEID:CVE-2022-2175 DESCRIPTION: Vim could allow a remote attacker to execute arbitrary code on the system, caused by a...
Internet Bug Bounty: CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution
An improper input validation vulnerability was discovered in the Apache Airflow Google Provider, affecting versions before 8.10.0. Attackers could modify existing connection configuration information to execute malicious commands or create arbitrary files, leading to denial of service...
Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution
An improper input validation vulnerability was discovered in Apache Airflow Google Provider before version 8.10.0, which could allow an attacker to execute remote commands on the victim's machine by modifying the existing connection configuration information. The vulnerability was discovered by X...
Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.
Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in it's self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...
IBM Observability with Instana Access Control Error Vulnerability
IBM Observability with Instana is a powerful application performance monitoring solution from International Business Machines IBM that enables faster performance tracking and incident resolution.IBM Observability with Instana suffers from an access control error vulnerability that stems from the...
Exploit for Improper Authentication in Redhat Keycloak
PoC for CVE-2023-0264 Keycloak vulnerability that allows ses...
Nextcloud: Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle
A reflected XSS vulnerability with full CSP bypass was discovered in Nextcloud installations using the recommended bundle. The vulnerability allowed attackers to inject malicious code into web pages, which could be executed in the context of the victim's browser session, leading to a trivial...
CVE-2023-26490
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...
Command injection
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...