9270 matches found
Sirius - First Truly Open-Source General Purpose Vulnerability Scanner
Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Sca...
The vulnerability of the Docker Swarm Dashboard component of the Jenkins Docker Swarm Plugin allows a attacker to perform cross-site scripting attacks.
The vulnerability of the Docker Swarm Dashboard component of the Jenkins Docker Swarm plugin is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...
Cisco IOx Application Hosting Environment Privilege Escalation (cisco-sa-rdocker-uATbukKn)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure that could allow an authenticated, remote attacker to access the underlying operating system ...
CVE-2023-43069
Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...
CVE-2023-43069
Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...
Command injection
Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...
CVE-2023-43069
Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...
CVE-2023-43069
Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...
CVE-2023-43069
Dell SmartFabric Storage Software versions 1.4 and earlier are affected by an OS command injection vulnerability in the CLI. An authenticated local attacker could potentially inject parameters to curl or docker, enabling arbitrary command execution. Impact includes possible compromise of confiden...
CVE-2023-20235
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...
CVE-2023-20235
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...
Design/Logic Flaw
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...
CVE-2023-20235
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...
CVE-2023-20235
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...
CVE-2023-20235
The CVE-2023-20235 issue affects Cisco IOS XE IOS IOx application hosting workflow. It arises because Docker containers using the privileged runtime option are not blocked when in development mode, enabling an authenticated, remote attacker to access the underlying operating system as root via th...
Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...
PT-2023-6047 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure could allow an authenticated, remote attacker to...
GHSA-4MQG-H5JF-J9M7 TorchServe Pre-Auth Remote Code Execution
Impact Use of Open Source Library potentially exposed to RCE Issue: Use of a version of the SnakeYAML v1.31 open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...
OSV-2023-942 Security exception in com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62864 Crash type: Security exception Crash state: com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer java.base/sun.nio.cs.CESU8$Encoder.encodeArrayLoop java.base/sun.nio.cs.CESU8$Encoder.encodeLoo...
PT-2023-36044 · Fasterxml +1 · Jackson-Databind +1
Name of the Vulnerable Software and Affected Versions: Spotify Docker client affected versions not specified Description: A security exception crash has been reported, involving the com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer and java.base/sun.nio.cs.CESU...