Vulnrichment · added 2023/03/13 11:16 a.m.

CVE-2023-0628 Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL

CVSS 6.1 · AI score 7.8 · EPSS 0.00265 · Exploits 0 · References 1

CVE · added 2023/03/13 11:16 a.m.

CVE-2023-0628

Docker Desktop before 4.17.0 is affected by an issue where an attacker can execute arbitrary commands inside a Dev Environments container during initialization by convincing a user to open a crafted docker-desktop:// URL. Affected product: Docker Desktop (Dev Environments container). Root cause i...

CVSS 7.8 · AI score 7 · EPSS 0.00265 · Exploits 0 · References 1 · Affected Software 1

CNNVD · added 2023/03/13 12:00 a.m.

Docker Desktop security vulnerability

Docker Desktop is container-technology-based desktop software from the U.S. company Docker for lightweight deployment of applications. The product provides a desktop environment that supports creating a lightweight container virtual machine and deploying and running applications on...

CVSS 7.1 · AI score 7 · EPSS 0.00218 · Exploits 0 · References 2

Positive Technologies · added 2023/03/13 12:00 a.m.

PT-2023-1878 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.13.0 through 4.16.x. Description: The issue allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock or npipe:////./pipe/docker_engine_linux on...

CVSS 7.1 · AI score 6.9 · EPSS 0.00218 · Exploits 0 · References 4

CNNVD · added 2023/03/13 12:00 a.m.

Docker Desktop command injection vulnerability

Docker Desktop is container-technology-based desktop software from the U.S. company Docker for lightweight deployment of applications. The product provides a desktop environment that supports creating a lightweight container virtual machine and deploying and running applications on...

CVSS 7.8 · AI score 7.8 · EPSS 0.00265 · Exploits 0 · References 2

Positive Technologies · added 2023/03/13 12:00 a.m.

PT-2023-2062 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.17.0. Description: The issue allows an attacker to execute arbitrary commands inside a Dev Environments container during initialization. This can be achieved by tricking a user into opening a crafted maliciou...

CVSS 7.8 · AI score 7.8 · EPSS 0.00265 · Exploits 0 · References 4
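Added example (written for this page, not Docker's code): the docker-desktop:// entries above (CVE-2023-0628 and PT-2023-2062) describe a crafted deep link that ends in command execution inside a Dev Environments container during initialization. The entries give no internals, so the link grammar myapp://dev-env/create?repo=..., the parameter name and the git clone step below are hypothetical stand-ins. The snippet contrasts a handler that splices the link parameter into a shell string with one that allowlists the action, validates the parameter and hands it to exec.Command as a discrete argv element so no shell ever parses it.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// Hypothetical deep-link format used only for this example (it is NOT Docker
// Desktop's real docker-desktop:// grammar):
//
//	myapp://dev-env/create?repo=https://github.com/org/repo.git

// UnsafeInitCommand shows the anti-pattern: the untrusted repo parameter is
// spliced into one string that the initialization step hands to `sh -c`.
// A link carrying repo=https://x/r.git%3Bid decodes to "https://x/r.git;id",
// and the shell runs `id` inside the container right after the clone.
func UnsafeInitCommand(deepLink string) (string, error) {
	u, err := url.Parse(deepLink)
	if err != nil {
		return "", err
	}
	repo := u.Query().Get("repo")
	return "git clone " + repo + " /workspace", nil // would be passed to: sh -c <string>
}

// repoURLPattern admits only https:// remotes with a conservative charset;
// shell metacharacters, whitespace and '@' (inline credentials) are rejected.
var repoURLPattern = regexp.MustCompile(`^https://[A-Za-z0-9.-]+(:[0-9]+)?/[A-Za-z0-9._/-]+$`)

// SafeInitArgv parses the link, allowlists the action (host + path), accepts
// exactly one validated parameter, and returns an argv slice. Each element
// becomes a separate argument to exec.Command, so no shell ever parses it.
func SafeInitArgv(deepLink string) ([]string, error) {
	u, err := url.Parse(deepLink)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "myapp" {
		return nil, fmt.Errorf("unexpected scheme %q", u.Scheme)
	}
	if u.Host != "dev-env" || u.Path != "/create" {
		return nil, fmt.Errorf("action not allowed: %s%s", u.Host, u.Path)
	}
	q := u.Query()
	if len(q) != 1 || !q.Has("repo") {
		return nil, errors.New("expected exactly one parameter: repo")
	}
	repo := q.Get("repo")
	if !repoURLPattern.MatchString(repo) {
		return nil, errors.New("repo parameter rejected by allowlist")
	}
	// "--" terminates option parsing, so a value beginning with '-' can never
	// be interpreted as a git flag.
	return []string{"git", "clone", "--", repo, "/workspace"}, nil
}

func main() {
	// Constructed links for demonstration; nothing is executed here.
	benign := "myapp://dev-env/create?repo=https://github.com/org/repo.git"
	crafted := "myapp://dev-env/create?repo=https://x/r.git%3Bid"

	cmd, _ := UnsafeInitCommand(crafted)
	fmt.Println("unsafe shell string:", cmd)

	for _, link := range []string{benign, crafted} {
		argv, err := SafeInitArgv(link)
		if err != nil {
			fmt.Println("rejected:", link, "->", err)
			continue
		}
		fmt.Printf("exec.Command(%q, %q...)\n", argv[0], argv[1:])
		// cmd := exec.Command(argv[0], argv[1:]...); cmd.Run()
	}
}
```

The allowlist on host and path matters as much as the parameter check: a URL-scheme handler is reachable from any web page the user visits, so every action it exposes must be one you would let an anonymous site trigger.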

OpenVAS · added 2023/03/12 12:00 a.m.

Fedora: Security Advisory for manifest-tool (FEDORA-2023-5312f6200c)

The remote host is missing an update for the manifest-tool package announced via the FEDORA-2023-5312f6200c advisory.

CVSS 7.8 · AI score 8.1 · EPSS 0.00542 · Exploits 1 · References 2

Fedora · added 2023/03/11 4:06 a.m.

[SECURITY] Fedora 38 Update: manifest-tool-2.0.8-1.fc38

This tool was mainly created for the purpose of viewing, creating, and pushing the new manifests list object type in the Docker registry. Manifest lists are defined in the v2.2 image specification and exist mainly for the purpose of supporting multi-architecture and/or multi-platform images withi...

CVSS 7.8 · AI score 7.7 · EPSS 0.017 · Exploits 1

GithubExploit · added 2023/03/09 10:40 a.m.

Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics

Vulnerable Application: Open Web Analytics (OWA) before 1.7.4...

CVSS 9.8 · AI score 9.6 · EPSS 0.99134 · Exploits 14

OSV · added 2023/03/07 8:09 p.m.

GHSA-GC89-7GCR-JXQC Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL with inlined credentials, and the build creates a provenance attestation describing that build, those credentials could be visible in the provenance attestation. A Git URL can be passed in two ways: (1) invoking the build directly from a URL...

CVSS 6.5 · AI score 7 · EPSS 0.01026 · Exploits 1 · References 8

Github Security Blog · added 2023/03/07 8:09 p.m.

Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL with inlined credentials, and the build creates a provenance attestation describing that build, those credentials could be visible in the provenance attestation. A Git URL can be passed in two ways: (1) invoking the build directly from a URL...

CVSS 6.5 · AI score 6.1 · EPSS 0.01026 · Exploits 1 · References 8 · Affected Software 1
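Added example (written for this page, not BuildKit's code) for the GHSA-GC89-7GCR-JXQC entries above: a provenance attestation records the source URIs it built from, so a Git URL carrying user:password@ or token@ must be scrubbed before that list is serialized. The Material type, the sample URIs and the placeholder token below are constructed for the example; the redaction rules distinguish https userinfo (always a credential) from ssh://git@host, where the user name is not a secret and removing it would break the remote.

```go
package main

import (
	"fmt"
	"net/url"
)

// Material is a minimal stand-in for one entry of a provenance "materials"
// list (URI plus digest). It is not BuildKit's or in-toto's real type.
type Material struct {
	URI    string
	Digest map[string]string
}

// RedactGitURL removes inlined credentials from a URL-form Git remote and
// reports whether anything was stripped. Rules:
//   - http/https: any userinfo is a credential (user:password@ or token@); strip it;
//   - other schemes (ssh://git@host/...): strip only when a password is present,
//     since the "git" user name is not a secret and dropping it breaks the remote;
//   - scp-style remotes (git@host:org/repo.git) fail url.Parse and are returned
//     unchanged; they carry no inline secret.
func RedactGitURL(raw string) (string, bool) {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" || u.User == nil {
		return raw, false
	}
	_, hasPassword := u.User.Password()
	if !hasPassword && u.Scheme != "http" && u.Scheme != "https" {
		return raw, false
	}
	u.User = nil
	return u.String(), true // fragment (#branch, #branch:subdir) is preserved
}

// RedactMaterials returns a scrubbed copy of the materials list and the number
// of entries changed. Run it on the list before it is serialized into an
// attestation, and on any build log that echoes the source URL.
func RedactMaterials(in []Material) ([]Material, int) {
	out := make([]Material, len(in))
	changed := 0
	for i, m := range in {
		uri, stripped := RedactGitURL(m.URI)
		if stripped {
			changed++
		}
		out[i] = Material{URI: uri, Digest: m.Digest}
	}
	return out, changed
}

func main() {
	// Constructed sample materials; the token is a placeholder, not a real secret.
	mats := []Material{
		{URI: "https://ci-bot:ghp_PLACEHOLDER@github.com/org/app.git#main", Digest: map[string]string{"sha1": "0123abcd"}},
		{URI: "ssh://git@github.com/org/lib.git", Digest: map[string]string{"sha1": "4567ef01"}},
		{URI: "git@github.com:org/tools.git", Digest: map[string]string{"sha1": "89ab2345"}},
	}
	clean, n := RedactMaterials(mats)
	fmt.Printf("%d material(s) redacted\n", n)
	for _, m := range clean {
		fmt.Println(m.URI)
	}
}
```

Scrubbing at serialization time is a backstop, not the fix: credentials belong in a credential helper or an SSH agent, never in the URL, because the same URL also reaches build logs, cache keys and error messages that no provenance redaction touches.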

IBM Security Bulletins · added 2023/03/07 7:58 p.m.

Security Bulletin: Multiple Security vulnerabilities fixed and shipped with IBM Security Verify Bridge (Docker version) (CVE-2022-2175, CVE-2022-2526, CVE-2022-40674, CVE-2022-3515)

Summary: IBM Security Verify Bridge (Docker version) fixed the vulnerabilities listed below. The vulnerable components have been updated to fixed versions. Vulnerability Details: CVEID: CVE-2022-2175 DESCRIPTION: Vim could allow a remote attacker to execute arbitrary code on the system, caused by a...

CVSS 9.8 · AI score 9.9 · EPSS 0.01659 · Exploits 2 · Affected Software 1

Hacker One · added 2023/03/07 4:04 p.m.

Internet Bug Bounty: CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service and Remote Command Execution

An improper input validation vulnerability was discovered in the Apache Airflow Google Provider, affecting versions before 8.10.0. Attackers could modify existing connection configuration information to execute malicious commands or create arbitrary files, leading to denial of service...

CVSS 7.5 · AI score 7.5 · EPSS 0.01826 · Exploits 0

Hacker One · added 2023/03/07 3:11 p.m.

Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution

An improper input validation vulnerability was discovered in Apache Airflow Google Provider before version 8.10.0, which could allow an attacker to execute remote commands on the victim's machine by modifying the existing connection configuration information. The vulnerability was discovered by X...

AI score 7.6 · Exploits 0

IBM Security Bulletins · added 2023/03/07 9:44 a.m.

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

Summary: IBM Observability with Instana (OnPrem) has addressed the following OpenSSL vulnerabilities in its self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details: CVEID: CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...

CVSS 7.5 · AI score 8.5 · EPSS 0.91153 · Exploits 6 · Affected Software 1

CNVD · added 2023/03/07 12:00 a.m.

IBM Observability with Instana Access Control Error Vulnerability

IBM Observability with Instana is an application performance monitoring solution from International Business Machines (IBM) that enables faster performance tracking and incident resolution. IBM Observability with Instana suffers from an access control error vulnerability that stems from the...

CVSS 9.1 · AI score 8.8 · EPSS 0.08573 · Exploits 3 · References 1

GithubExploit · added 2023/03/06 2:42 p.m.

Exploit for Improper Authentication in Redhat Keycloak

PoC for CVE-2023-0264, a Keycloak vulnerability that allows ses...

CVSS 5 · AI score 7.4 · EPSS 0.01274 · Exploits 1

Hacker One · added 2023/03/06 1:48 p.m.

Nextcloud: Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle

A reflected XSS vulnerability with full CSP bypass was discovered in Nextcloud installations using the recommended bundle. The vulnerability allowed attackers to inject malicious code into web pages, which could be executed in the context of the victim's browser session, leading to a trivial...

CVSS 6.1 · AI score 5.1 · EPSS 0.00398 · Exploits 0

NVD · added 2023/03/04 12:15 a.m.

CVE-2023-26490

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

CVSS 8.8 · AI score 8.2 · EPSS 0.0222 · Exploits 1 · References 2

Prion · added 2023/03/04 12:15 a.m.

Command injection

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

CVSS 6.5 · AI score 9.2 · EPSS 0.0222 · Exploits 1 · References 2