Lucene search
K

9275 matches found

Vulnrichment
Vulnrichment
added 2024/10/14 12:0 a.m.11 views

CVE-2024-41997

An issue was discovered in version of Warp Terminal prior to 2024.07.18 v0.2024.07.16.08.02. A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the warp://action/docker/opensubshell intent that when clicked ...

7.6AI score0.012EPSS
Exploits1References4
CVE
CVE
added 2024/10/14 12:0 a.m.58 views

CVE-2024-41997

CVE-2024-41997 affects Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). The Docker integration uses warp:// URIs and the /docker/open_subshell action accepts a shell parameter that is incorporated into a command string without sanitization, enabling command injection. An attacker can craf...

6.6CVSS7AI score0.012EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.4 views

Warp 安全漏洞

Warp is a terminal application from Warp, Inc. A security vulnerability exists in versions prior to Warp 2024.07.18 v0.2024.07.16.08.02, which stems from a command injection vulnerability in the Docker Integration feature, which allows an attacker to execute commands on the victim's machine by...

6.6CVSS7.8AI score0.012EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/10/14 12:0 a.m.12 views

CVE-2024-41997

An issue was discovered in version of Warp Terminal prior to 2024.07.18 v0.2024.07.16.08.02. A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the warp://action/docker/opensubshell intent that when clicked ...

0.012EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/10/14 12:0 a.m.16 views

Amazon Linux 2023 : runc (ALAS2023-2024-725)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-725 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or...

3.6CVSS6.6AI score0.00317EPSS
Exploits0References4
Debian
Debian
added 2024/10/13 6:59 p.m.91 views

[SECURITY] [DLA 3918-1] docker.io security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3918-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès October 13, 2024 https://wiki.debian.org/LTS -...

9.9CVSS6.7AI score0.16496EPSS
Exploits0
Fedora
Fedora
added 2024/10/13 12:42 a.m.21 views

[SECURITY] Fedora 41 Update: podman-5.2.4-1.fc41

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

8.2CVSS7.2AI score0.0099EPSS
Exploits0
OSV
OSV
added 2024/10/12 11:9 a.m.5 views

OESA-2024-2253 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files...

3.6CVSS6.8AI score0.00317EPSS
Exploits0References2
Huntr
Huntr
added 2024/10/12 8:12 a.m.4 views

pickle deserialization vulnerability

Description There is a pickle deserialization vulnerability in the Latex English error correction plug-in function of gptacademic, which allows attackers to achieve remote command execution Environment setup 1. wget https://github.com/binary-husky/gptacademic/archive/refs/tags/version3.83.zip 2...

8.8CVSS9.2AI score0.01837EPSS
Exploits1
OSV
OSV
added 2024/10/11 4:58 p.m.9 views

GHSA-J2HR-Q93X-GXVH SSOReady has an XML Signature Bypass via differential XML parsing

Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...

9.8CVSS9.4AI score0.00387EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/10/11 4:58 p.m.21 views

SSOReady has an XML Signature Bypass via differential XML parsing

Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...

9.8CVSS6.7AI score0.00387EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/10/09 7:15 p.m.12 views

CVE-2024-47832

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...

9.8CVSS0.00387EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/09 6:32 p.m.15 views

CVE-2024-47832 XML Signature Bypass via differential XML parsing in ssoready

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...

9.3CVSS0.00387EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/09 6:32 p.m.17 views

CVE-2024-47832 XML Signature Bypass via differential XML parsing in ssoready

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...

9.3CVSS6.8AI score0.00387EPSS
Exploits0References3
CVE
CVE
added 2024/10/09 6:32 p.m.89 views

CVE-2024-47832

CVE-2024-47832 affects ssoready (SSOReady) when self-hosted as a Docker-based IDP. The issue is an XML signature bypass caused by differing XML parser behaviors, enabling signature bypass if an attacker can access certain IDP-signed messages. Public hosted instance (https://ssoready.com) is unaff...

9.8CVSS6.5AI score0.00387EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/09 6:32 p.m.14 views

CVE-2024-47832 XML Signature Bypass via differential XML parsing in ssoready

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...

9.3CVSS7.8AI score0.00387EPSS
Exploits0References5
Wallarm Lab
Wallarm Lab
added 2024/10/09 7:19 a.m.14 views

Choosing the Right Deployment Option for Your API Security Solution

You need an API security solution. That much is a given although some may argue it isn’t!. While essential for business growth and innovation, APIs, or Application Programming Interfaces, expose the organizations that use them to cyber threats. Attackers are both aware of and actively exploiting...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.12 views

CentOS 7 : docker (RHSA-2020:1234)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux....

7.5CVSS7.2AI score0.05071EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.26 views

CentOS 7 : docker (RHSA-2020:2653)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2653 advisory. - Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to...

9.3CVSS7.8AI score0.9857EPSS
Exploits33References4
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.5 views

PT-2024-6924 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.34.3 Description: The issue is related to a lack of output encoding or sanitization mechanism in Docker Desktop, which can be exploited by a remote attacker to execute arbitrary code by injecting it through ...

8.9CVSS8.4AI score0.00475EPSS
Exploits0References9
Rows per page
Query Builder