9275 matches found

Vulnrichment
added 2024/09/12 5:54 p.m. · 20 views

CVE-2024-8696 A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.

A remote code execution RCE vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2...

8.9 CVSS · 7.8 AI score · 0.01225 EPSS
Exploits 0 · References 1

CVE
added 2024/09/12 5:52 p.m. · 67 views

CVE-2024-8695

Summary: CVE-2024-8695 affects Docker Desktop before 4.34.2, with a remote code execution (RCE) flaw exploitable via crafted extension descriptions or changelogs. The vulnerability is triggered when a malicious extension uses these fields, potentially allowing code execution on the host. The thre...

9.8 CVSS · 9.8 AI score · 0.01251 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/09/12 5:52 p.m. · 26 views

CVE-2024-8695 A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.

A remote code execution RCE vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2...

9 CVSS · 0.01251 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/09/12 5:52 p.m. · 16 views

CVE-2024-8695 A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.

A remote code execution RCE vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2...

9 CVSS · 7.8 AI score · 0.01251 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/09/12 12:0 a.m. · 19 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2024-2360)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...

9.9 CVSS · 7.5 AI score · 0.16496 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2024/09/12 12:0 a.m. · 23 views

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-2434)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...

9.9 CVSS · 7.5 AI score · 0.16496 EPSS
Exploits 0 · References 3

CNNVD
added 2024/09/12 12:0 a.m. · 3 views

Docker Desktop security vulnerability

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

9.8 CVSS · 6.9 AI score · 0.01251 EPSS
Exploits 0 · References 2

CNNVD
added 2024/09/12 12:0 a.m. · 5 views

Docker Desktop security vulnerability

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

9.8 CVSS · 6.9 AI score · 0.01225 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/09/12 12:0 a.m. · 4 views

PT-2024-39183 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.34.2 Description: A remote code execution RCE vulnerability exists via crafted extension publisher-url/additional-urls that could be abused by a malicious extension. This issue can be exploited to execute co...

9.8 CVSS · 7.9 AI score · 0.01225 EPSS
Exploits 0 · References 19

Positive Technologies
added 2024/09/12 12:0 a.m. · 6 views

PT-2024-39182 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.34.2 Description: A remote code execution vulnerability exists via crafted extension description or changelog, which could be exploited by a malicious extension. Recommendations: For Docker Desktop versions...

9.8 CVSS · 7.7 AI score · 0.01251 EPSS
Exploits 0 · References 20

Tenable Nessus
added 2024/09/12 12:0 a.m. · 23 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2024-2385)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...

9.9 CVSS · 7.5 AI score · 0.16496 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2024/09/12 12:0 a.m. · 21 views

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-2411)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...

9.9 CVSS · 7.5 AI score · 0.16496 EPSS
Exploits 0 · References 3

OpenVAS
added 2024/09/12 12:0 a.m. · 16 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2360)

The remote host is missing an update for the Huawei EulerOS...

9.9 CVSS · 7.2 AI score · 0.16496 EPSS
Exploits 0 · References 2

OpenVAS
added 2024/09/12 12:0 a.m. · 14 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2411)

The remote host is missing an update for the Huawei EulerOS...

9.9 CVSS · 7.2 AI score · 0.16496 EPSS
Exploits 0 · References 2

OpenVAS
added 2024/09/12 12:0 a.m. · 11 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2434)

The remote host is missing an update for the Huawei EulerOS...

9.9 CVSS · 7.2 AI score · 0.16496 EPSS
Exploits 0 · References 2

OpenVAS
added 2024/09/12 12:0 a.m. · 11 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2385)

The remote host is missing an update for the Huawei EulerOS...

9.9 CVSS · 7.2 AI score · 0.16496 EPSS
Exploits 0 · References 2

Github Security Blog
added 2024/09/11 7:20 p.m. · 11 views

Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs

Summary The AWS Serverless Application Model SAM CLI is an open source tool that allows customers to build, deploy and test their serverless applications built on AWS. AWS SAM CLI can build container Docker images and customers can specify arguments in the SAM template that are passed to the Dock...

6.8 AI score
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/09/11 7:20 p.m. · 5 views

GHSA-635V-PC42-FR74 AWS SageMaker Training Toolkit logs CodeArtifact Authorization token

Description For SageMaker Training Toolkit1 versions 4.7.4; 4.7.3; 4.7.2; 4.7.1; 4.7.0, the authorization tokens for CodeArtifact temporary token with an expiration of 12 hours were logged in the log files when the CodeArtifact capability was enabled. If customers push these log files to their...

5.6 CVSS · 6.7 AI score
Exploits 0 · References 3

Github Security Blog
added 2024/09/11 7:20 p.m. · 7 views

AWS SageMaker Training Toolkit logs CodeArtifact Authorization token

Description For SageMaker Training Toolkit1 versions 4.7.4; 4.7.3; 4.7.2; 4.7.1; 4.7.0, the authorization tokens for CodeArtifact temporary token with an expiration of 12 hours were logged in the log files when the CodeArtifact capability was enabled. If customers push these log files to their...

6.7 AI score
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/09/11 5:15 p.m. · 6 views

CVE-2024-20483

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...

7.2 CVSS · 6.1 AI score · 0.01098 EPSS
Exploits 0 · References 1