Lucene search
K

9260 matches found

Gitee
Gitee
added 2021/11/24 12:17 a.m.8 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for penetration testing and vulnerability assessment. It is maintained by phith0n and hosted on GitHub. The repository contains various vulnerable systems and applications,...

9.8CVSS8.2AI score0.99686EPSS
Exploits53
CNVD
CNVD
added 2021/11/24 12:0 a.m.12 views

Docker code injection vulnerability

Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrade of applications throug...

9.3CVSS1.5AI score0.01824EPSS
Exploits1References1
Veracode
Veracode
added 2021/11/23 10:39 a.m.16 views

Arbitrary Code Execution

docker-cli-js is vulnerable to arbitrary code execution. An attacker is able to potentially execute arbitrary commands on the host OS when that attacker has at least partial control over command parameter of the Docker.command method...

9CVSS4.3AI score0.01824EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/11/22 5:15 p.m.10 views

Command injection

This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system...

9.3CVSS9.2AI score0.01824EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/11/22 5:0 p.m.17 views

CVE-2021-23732 Arbitrary Code Execution

This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system...

9CVSS9.6AI score0.01824EPSS
Exploits1References2
CVE
CVE
added 2021/11/22 5:0 p.m.67 views

CVE-2021-23732

CVE-2021-23732 affects docker-cli-js. The vulnerability allows OS command execution when the user can partially control the command parameter of Docker.command, enabling arbitrary commands on the host. The connected advisories detail exploitation paths (Snyk example) and indicate there is no fixe...

9.3CVSS9.4AI score0.01824EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/11/22 12:0 a.m.4 views

Docker 操作系统命令注入漏洞

Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrade of applications throug...

9.3CVSS6.3AI score0.01824EPSS
Exploits1References2
Gitee
Gitee
added 2021/11/21 12:0 a.m.5 views

vulhub1

This is a repository for a project called Vulhub, which appears to be a collection of vulnerable systems and applications for testing and learning purposes. The repository contains various files and directories, including: 1. .gitattributes: A file that specifies which files should be ignored by...

6.9AI score
Exploits0
OSV
OSV
added 2021/11/19 8:55 p.m.12 views

GHSA-6C7M-QWXJ-MVHP Broken encryption in EdgeX Foundry

Summary Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. Detailed Description The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in th...

5.4CVSS5.3AI score0.00313EPSS
Exploits0References4
Kitploit
Kitploit
added 2021/11/18 11:30 a.m.21 views

Kube-Applier - Enables Automated Deployment And Declarative Configuration For Your Kubernetes Cluster

kube-applier is a service that enables continuous deployment of Kubernetes objects by applying declarative configuration files from a Git repository to a Kubernetes cluster. kube-applier runs as a Pod in your cluster and watches the Git repo to ensure that the cluster objects are up-to-date with...

6.9AI score
Exploits0References18
Amazon
Amazon
added 2021/11/18 12:0 a.m.5 views

Medium: docker

Issue Overview: A flaw was found in moby. Moby buildkit calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. CVE-2020-27534 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 -...

5.3CVSS6.8AI score0.01745EPSS
Exploits0
Amazon
Amazon
added 2021/11/18 12:0 a.m.6 views

Medium: docker

Issue Overview: Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

6.5CVSS6.8AI score0.0247EPSS
Exploits0
Amazon
Amazon
added 2021/11/18 12:0 a.m.7 views

Medium: containerd

Issue Overview: A flaw was found in containerd. Credentials may be leaked during an image pull. CVE-2020-15157 Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for t...

6.1CVSS6.8AI score0.02209EPSS
Exploits1
Amazon
Amazon
added 2021/11/18 12:0 a.m.5 views

Important: runc

Issue Overview: The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentialit...

8.5CVSS6.9AI score0.06604EPSS
Exploits0
Amazon
Amazon
added 2021/11/18 12:0 a.m.9 views

Medium: docker

Issue Overview: Lack of content verification in Docker-CE Also known as Moby versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

6.5CVSS6.8AI score0.0247EPSS
Exploits0
Amazon
Amazon
added 2021/11/18 12:0 a.m.6 views

Medium: docker

Issue Overview: A flaw was found in moby. Moby buildkit calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. CVE-2020-27534 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 -...

5.3CVSS6.8AI score0.01745EPSS
Exploits0
Amazon
Amazon
added 2021/11/18 12:0 a.m.30 views

Important: docker

Issue Overview: A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause...

7.5CVSS7AI score0.03398EPSS
Exploits2
Amazon
Amazon
added 2021/11/18 12:0 a.m.14 views

Important: docker

Issue Overview: A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause...

7.5CVSS7AI score0.03398EPSS
Exploits2
Amazon
Amazon
added 2021/11/18 12:0 a.m.10 views

Medium: docker

Issue Overview: Docker Engine before 18.09 allows attackers to cause a denial of service dockerd memory consumption via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemonunix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. CVE-2018-20699 A command injectio...

8.4CVSS7.8AI score0.03653EPSS
Exploits1
Amazon
Amazon
added 2021/11/18 12:0 a.m.31 views

Medium: docker

Issue Overview: Docker Engine before 18.09 allows attackers to cause a denial of service dockerd memory consumption via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemonunix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. CVE-2018-20699 A command injectio...

8.4CVSS7.8AI score0.03653EPSS
Exploits1
Rows per page
Query Builder