
9269 matches found

NVD
added 2024/10/16 3:15 p.m., 27 views

CVE-2024-9348

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view...

8.9 CVSS, 0.00475 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/10/16 2:50 p.m., 32 views

CVE-2024-9348 Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view...

8.9 CVSS, 0.00475 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/10/16 2:50 p.m., 23 views

CVE-2024-9348 Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view...

8.9 CVSS, 7.2 AI score, 0.00475 EPSS
Exploits: 0, References: 1
CVE
added 2024/10/16 2:50 p.m., 70 views

CVE-2024-9348

Docker Desktop is affected by CVE-2024-9348 on versions prior to 4.34.3. The issue is a remote code execution (RCE) vulnerability caused by unsanitized GitHub source links in the Build view, allowing an attacker to execute arbitrary code. Public sources across Nessus plug‑ins, CVELIST, CNNVD, and...

8.9 CVSS, 6.6 AI score, 0.00475 EPSS
Exploits: 0, References: 1
GithubExploit
added 2024/10/16 3:31 a.m., 201 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 ...

10 CVSS, 9.3 AI score, 0.99654 EPSS
Exploits: 31
CNNVD
added 2024/10/16 12:0 a.m., 5 views

Docker Desktop security vulnerability

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

8.9 CVSS, 7.1 AI score, 0.00475 EPSS
Exploits: 0, References: 2
OSV
added 2024/10/15 6:5 p.m., 19 views

GHSA-4R7V-WHPG-8RX3 changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution

Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details changedetection.io version: 0.45.20 docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...

10 CVSS, 9.6 AI score, 0.83722 EPSS
Exploits: 5, References: 6
Github Security Blog
added 2024/10/15 6:5 p.m., 43 views

changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution

Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details changedetection.io version: 0.45.20 docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...

10 CVSS, 9.6 AI score, 0.83722 EPSS
Exploits: 5, References: 6, Affected Software: 1
IBM Security Bulletins
added 2024/10/15 2:50 p.m., 34 views

Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...

7.5 CVSS, 7.8 AI score, 0.00932 EPSS
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2024/10/15 1:6 p.m., 25 views

Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol...

7.5 CVSS, 6.4 AI score, 0.01414 EPSS
Exploits: 1, Affected Software: 1
Tenable Nessus
added 2024/10/15 12:0 a.m., 17 views

Amazon Linux 2 : runc (ALASDOCKER-2024-047)

The version of runc installed on the remote host is prior to 1.1.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-047 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as...

3.6 CVSS, 6.7 AI score, 0.00317 EPSS
Exploits: 0, References: 4
Amazon
added 2024/10/15 12:0 a.m., 6 views

Low: runc

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...

3.6 CVSS, 6.7 AI score, 0.00317 EPSS
Exploits: 0
Broadcom
added 2024/10/15 12:0 a.m., 18 views

Brocade SANnav Vulnerability Disclosures

Brocade Security Advisories posted on March 3, 2026 CVEs addressed in SANnav 3.0.0 CVE-2025-53905, CVE-2025-53906 Path traversal issues in Vims tar.vim and zip.vim plugins PSIRT Risk: Low https://support.broadcom.com/external/content/SecurityAdvisories/0/37152 CVE-2025-26465 OpenSSH security upda...

9.8 CVSS, 8 AI score, 0.95302 EPSS
Exploits: 26
NVD
added 2024/10/14 4:15 p.m., 12 views

CVE-2024-41997

An issue was discovered in version of Warp Terminal prior to 2024.07.18 v0.2024.07.16.08.02. A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the warp://action/docker/opensubshell intent that when clicked ...

6.6 CVSS, 0.012 EPSS
Exploits: 1, References: 4
Vulnrichment
added 2024/10/14 12:0 a.m., 11 views

CVE-2024-41997

An issue was discovered in version of Warp Terminal prior to 2024.07.18 v0.2024.07.16.08.02. A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the warp://action/docker/opensubshell intent that when clicked ...

7.6 AI score, 0.012 EPSS
Exploits: 1, References: 4
CVE
added 2024/10/14 12:0 a.m., 58 views

CVE-2024-41997

CVE-2024-41997 affects Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). The Docker integration uses warp:// URIs and the /docker/open_subshell action accepts a shell parameter that is incorporated into a command string without sanitization, enabling command injection. An attacker can craf...

6.6 CVSS, 7 AI score, 0.012 EPSS
Exploits: 1, References: 4
CNNVD
added 2024/10/14 12:0 a.m., 4 views

Warp security vulnerability

Warp is a terminal application from Warp, Inc. A security vulnerability exists in versions prior to Warp 2024.07.18 v0.2024.07.16.08.02, which stems from a command injection vulnerability in the Docker Integration feature, which allows an attacker to execute commands on the victim's machine by...

6.6 CVSS, 7.8 AI score, 0.012 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2024/10/14 12:0 a.m., 16 views

Amazon Linux 2023 : runc (ALAS2023-2024-725)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-725 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or...

3.6 CVSS, 6.6 AI score, 0.00317 EPSS
Exploits: 0, References: 4
Cvelist
added 2024/10/14 12:0 a.m., 12 views

CVE-2024-41997

An issue was discovered in version of Warp Terminal prior to 2024.07.18 v0.2024.07.16.08.02. A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the warp://action/docker/opensubshell intent that when clicked ...

0.012 EPSS
Exploits: 1, References: 4
Debian
added 2024/10/13 6:59 p.m., 91 views

[SECURITY] [DLA 3918-1] docker.io security update

Debian LTS Advisory DLA-3918-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès October 13, 2024 https://wiki.debian.org/LTS -...

9.9 CVSS, 6.7 AI score, 0.16496 EPSS
Exploits: 0