9269 matches found
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1251)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
RHEL 7 : OpenShift Container Platform 3.11.634 (RHSA-2022:0555)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0555 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
GHSA-86F3-HF24-76Q4 Use of Hard-coded Cryptographic Key in Netmaker
Impact There is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server, if you know the address and username of the admin. This affects the server netmaker component, and not clients. Patches This has been patched in Netmaker v0.8.5, v0.9.4...
GHSA-FGV8-VJ5C-2PPQ Incorrect Authorization in runc
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...
Incorrect Authorization in runc
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory...
Security Bulletin: IBM Sterling Global Mailbox vulnerable to sensitive information exposure due to Jackson Data Mapper (CVE-2019-10172)
Summary Data mapper for Jackson is shipped with IBM Sterling Global Mailbox. Sensitive information exposure due to XXE error impacts Data mapper for Jackson. Remediation is available for the issues. Vulnerability Details CVEID: CVE-2019-10172 DESCRIPTION: Jackson-mapper-asl could allow a remote...
Docker Desktop has an unspecified vulnerability
Docker Desktop is a container-based desktop software for lightweight deployment of applications from Docker, Inc. Docker Desktop has a security vulnerability that could be exploited by attackers to move arbitrary files...
FileCloud 21.2 Cross Site Request Forgery
Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fixed: version...
FileCloud 21.2 - Cross-Site Request Forgery Vulnerability
Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fixed: version...
Datarobot Remote Code Execution Vulnerability
Exploit Title: Datarobot -- Remote Code Execution Vendor Homepage: https://www.datarobot.com Software Link: https://app.datarobot.com/ Version: TBD - awaiting build version from vendor Tested on: The issue affects all versions of the product up to the date of this submission Exploit Authors: Mike...
FileCloud 21.2 - Cross-Site Request Forgery (CSRF)
Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fixed: version...
HybridTestFramework - End To End Testing Of Web, API And Security
Full-fledged WEB, API and Security testing framework using selenium, ZAP OWASP proxy and rest-assured Supported Platforms This framework supports WebUi automation across a variety of browsers like Chrome, Firefox, IE, not only limited to this but extended to test rest api, security and visual...
CVE-2022-25365
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774...
Code injection
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774...
CVE-2022-25365
CVE-2022-25365 affects Docker Desktop for Windows, stated as: before 4.5.1 allows attackers to move arbitrary files due to an incomplete fix for CVE-2022-23774. Connected evidence includes a GitHub exploit repository (exploit for CVE-2022-25365) listing PoC files (poc.py, createsymlink.exe, junct...
PT-2022-17243 · Docker · Docker Desktop +1
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.5.1 Description: The issue allows attackers to move arbitrary files due to an incomplete fix for a previous problem. Recommendations: For versions prior to 4.5.1, update to version 4.5.1 or later to resolve...