27 matches found
BIT-MLFLOW-2025-14287 Command Injection in mlflow/mlflow
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...
CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates
Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables (e.g., name, key) that are populated with runtime...
GHSA-XCH3-2F9X-WH9F MLflow has a command injection in mlflow/sagemaker/__init__.py
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...
CVE-2025-14287 Command Injection in mlflow/mlflow
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...
CVE-2026-30930
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
PT-2026-25846
Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.2. Description: Glances is a system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands...
Fluent Bit < 4.0.12 / 4.1.x < 4.1.1 Multiple Vulnerabilities
The version of Fluent Bit running on the remote host is prior to 4.0.12, or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities, including: - Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or...
CVE-2025-12970
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...
CVE-2025-12970
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...
AZL-71074 CVE-2025-12970 affecting package fluent-bit for versions less than 3.0.6-6
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...
AZL-71111 CVE-2025-12970 affecting package fluent-bit for versions less than 3.1.10-2
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...
CVE-2025-12970
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...
PT-2025-47921
Name of the Vulnerable Software and Affected Versions: Fluent Bit versions (affected versions not specified). Description: The extract_name function within the in_docker input plugin of Fluent Bit contains a buffer overflow issue. This occurs because the function copies container names into a fixed-si...
PT-2023-21741 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions 9.0 through 9.1.3; Concrete CMS (previously concrete5) versions prior to 9.2. Description: The issue is related to Stored XSS via a container name. There is no information provided about the estimated...
SUSE CVE-2014-5278
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...
CVE-2014-5278
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...
CVE-2014-5278
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...
Input validation
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...
CVE-2014-5278
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...