9275 matches found

Prion
added 2022/10/25 5:15 p.m. · 21 views

Command injection

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

6.5 CVSS · 9.6 AI score · 0.01474 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2022/10/25 12:00 a.m. · 77 views

CVE-2022-39321

The CVE-2022-39321 vulnerability affects GitHub Actions Runner: a logic bug in how the environment is encoded into docker invocations allowed input to escape environment variables and modify docker commands. Affected versions prior to patch are 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. Pat...

9.9 CVSS · 9.5 AI score · 0.01474 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2022/10/25 12:00 a.m. · 4 views

GitHub Actions Runner OS Command Injection Vulnerability

GitHub Actions Runner is an application that runs jobs from a GitHub Actions workflow. A security vulnerability exists in GitHub Actions Runner that stems from a logic error that allows input to escape an environment variable and directly modify the docker command call. Jobs that...

9.9 CVSS · 8.1 AI score · 0.01474 EPSS
Exploits 0 · References 4

Cvelist
added 2022/10/25 12:00 a.m. · 21 views

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

8.8 CVSS · 10 AI score · 0.01474 EPSS
Exploits 0 · References 3

Vulnrichment
added 2022/10/25 12:00 a.m. · 8 views

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

8.8 CVSS · 9.7 AI score · 0.01474 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/10/25 12:00 a.m. · 5 views

PT-2022-24898 · Github · Github Actions Runner

Name of the Vulnerable Software and Affected Versions: GitHub Actions Runner versions prior to 2.296.2; GitHub Actions Runner versions prior to 2.293.1; GitHub Actions Runner versions prior to 2.289.4; GitHub Actions Runner versions prior to 2.285.2; GitHub Actions Runner versions prior to 2.283.4...

9.9 CVSS · 9.6 AI score · 0.01474 EPSS
Exploits 0 · References 7

OSV
added 2022/10/25 12:00 a.m. · 38 views

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

8.8 CVSS · 9.1 AI score · 0.01474 EPSS
Exploits 0 · References 5

Kitploit
added 2022/10/24 12:57 a.m. · 44 views

Shomon - Shodan Monitoring Integration For TheHive

ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever! Functionalities: Can be used as a Webhook or Stream listener. The Webhook listener opens a RESTful API endpoint for Shodan to send alerts. This means you need to make this endpoint available to...

7.5 AI score
Exploits 0 · References 8

GithubExploit
added 2022/10/23 1:42 p.m. · 734 views

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 aka text4shell PoC for recently discovered vu...

9.8 CVSS · 8.5 AI score · 0.99931 EPSS
Exploits 41

OpenVAS
added 2022/10/23 12:00 a.m. · 22 views

Fedora: Security Advisory for moby-engine (FEDORA-2022-12790ca71a)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

5.5 CVSS · 7.4 AI score · 0.01336 EPSS
Exploits 1 · References 2

Fedora
added 2022/10/22 1:52 p.m. · 46 views

[SECURITY] Fedora 36 Update: moby-engine-20.10.20-1.fc36

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

5.5 CVSS · 7.2 AI score · 0.01336 EPSS
Exploits 1

GithubExploit
added 2022/10/22 2:06 a.m. · 413 views

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 Python script for CVE-2022-42889 To test this...

9.8 CVSS · 8.2 AI score · 0.99931 EPSS
Exploits 41

GithubExploit
added 2022/10/20 6:07 p.m. · 562 views

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 PoC Test Application This is a vulnerable appli...

9.8 CVSS · 8.2 AI score · 0.99931 EPSS
Exploits 41

Tenable Nessus
added 2022/10/20 12:00 a.m. · 30 views

Amazon Linux 2022 : containerd, containerd-stress (ALAS2022-2022-156)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-156 advisory. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This...

6.3 CVSS · 6.9 AI score · 0.00807 EPSS
Exploits 0 · References 5

GithubExploit
added 2022/10/19 10:56 p.m. · 438 views

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 Test application This repository contains a si...

9.8 CVSS · 8.1 AI score · 0.99931 EPSS
Exploits 41

Kitploit
added 2022/10/19 11:30 a.m. · 44 views

PenguinTrace - Tool To Show How Code Runs At The Hardware Level

penguinTrace is intended to help build an understanding of how programs run at the hardware level. It provides a way to see what instructions compile to, and then step through those instructions and see how they affect machine state as well as how this maps back to variables in the original...

7.8 AI score
Exploits 0 · References 4

GithubExploit
added 2022/10/18 11:15 p.m. · 544 views

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889-POC A simple demo application that shows how to...

9.8 CVSS · 7.9 AI score · 0.99931 EPSS
Exploits 41

OwnCloud
added 2022/10/18 12:00 a.m. · 37 views

URL spoofing in password reset mail - ownCloud

The docker image of the ownCloud server contained a misconfiguration which rendered the ‘trusted_domains’ config useless. This could be abused to spoof the URL in password reset mails...

4.2 CVSS · 2.1 AI score · 0.00323 EPSS
Exploits 0 · Affected Software 1

Tenable Nessus
added 2022/10/17 12:00 a.m. · 29 views

Amazon Linux 2 : containerd, docker (ALASDOCKER-2022-021)

The version of containerd installed on the remote host is prior to 1.6.6-1. The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2022-021 advisory. In net/http in Go before 1.18.6 and 1.19.x befor...

7.5 CVSS · 7 AI score · 0.02513 EPSS
Exploits 0 · References 3

IBM Security Bulletins
added 2022/10/14 9:28 p.m. · 46 views

Security Bulletin: Multiple vulnerabilities in Docker affect IBM InfoSphere Information Server

Summary: Multiple vulnerabilities in Docker used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2022-24769. DESCRIPTION: Moby could allow a local attacker to gain elevated privileges on the system, caused by an issue with containers started incorrectly with...

6.3 CVSS · 7.6 AI score · 0.02693 EPSS
Exploits 3 · Affected Software 1