
9270 matches found

Kitploit
added 2023/10/10 11:30 a.m. · 42 views

Sirius - First Truly Open-Source General Purpose Vulnerability Scanner

Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Sca...

7.2 AI score
Exploits 0 · References 1
BDU FSTEC
added 2023/10/09 12:0 a.m. · 4 views

The vulnerability of the Docker Swarm Dashboard component of the Jenkins Docker Swarm Plugin allows an attacker to perform cross-site scripting attacks.

The vulnerability of the Docker Swarm Dashboard component of the Jenkins Docker Swarm plugin is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

5.5 CVSS · 5.6 AI score · 0.0051 EPSS
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus
added 2023/10/06 12:0 a.m. · 37 views

Cisco IOx Application Hosting Environment Privilege Escalation (cisco-sa-rdocker-uATbukKn)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure that could allow an authenticated, remote attacker to access the underlying operating system ...

8.8 CVSS · 7.9 AI score · 0.00509 EPSS
Exploits 0 · References 3
OSV
added 2023/10/05 6:15 p.m. · 5 views

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

7.8 CVSS · 5.8 AI score · 0.00468 EPSS
Exploits 0 · References 1
NVD
added 2023/10/05 6:15 p.m. · 15 views

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

7.8 CVSS · 7.7 AI score · 0.00468 EPSS
Exploits 0 · References 1
Prion
added 2023/10/05 6:15 p.m. · 19 views

Command injection

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

4.3 CVSS · 7.5 AI score · 0.00468 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/10/05 5:25 p.m. · 10 views

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

7.8 CVSS · 7.4 AI score · 0.00468 EPSS
Exploits 0 · References 1
Cvelist
added 2023/10/05 5:25 p.m. · 17 views

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

7.8 CVSS · 7.8 AI score · 0.00468 EPSS
Exploits 0 · References 1
CVE
added 2023/10/05 5:25 p.m. · 49 views

CVE-2023-43069

Dell SmartFabric Storage Software versions 1.4 and earlier are affected by an OS command injection vulnerability in the CLI. An authenticated local attacker could potentially inject parameters to curl or docker, enabling arbitrary command execution. Impact includes possible compromise of confiden...

7.8 CVSS · 7.6 AI score · 0.00468 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/10/04 5:15 p.m. · 2 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

8.8 CVSS · 5.8 AI score · 0.00509 EPSS
Exploits 0 · References 1
NVD
added 2023/10/04 5:15 p.m. · 21 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

8.8 CVSS · 7.5 AI score · 0.00509 EPSS
Exploits 0 · References 1
Prion
added 2023/10/04 5:15 p.m. · 26 views

Design/Logic Flaw

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS · 8.5 AI score · 0.00509 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/10/04 4:14 p.m. · 0 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS · 5.7 AI score · 0.00509 EPSS
Exploits 0 · References 1
Cvelist
added 2023/10/04 4:14 p.m. · 17 views

CVE-2023-20235

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS · 8.8 AI score · 0.00509 EPSS
Exploits 0 · References 1
CVE
added 2023/10/04 4:14 p.m. · 118 views

CVE-2023-20235

The CVE-2023-20235 issue affects Cisco IOS XE IOS IOx application hosting workflow. It arises because Docker containers using the privileged runtime option are not blocked when in development mode, enabling an authenticated, remote attacker to access the underlying operating system as root via th...

8.8 CVSS · 8.4 AI score · 0.00509 EPSS
Exploits 0 · References 1 · Affected Software 1
Cisco
added 2023/10/04 4:0 p.m. · 42 views

Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

6.5 CVSS · 8.7 AI score · 0.00509 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/10/04 12:0 a.m. · 4 views

PT-2023-6047 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure could allow an authenticated, remote attacker to...

8.8 CVSS · 8.3 AI score · 0.00509 EPSS
Exploits 0 · References 6
OSV
added 2023/10/02 8:38 p.m. · 27 views

GHSA-4MQG-H5JF-J9M7 TorchServe Pre-Auth Remote Code Execution

Impact Use of Open Source Library potentially exposed to RCE Issue: Use of a version of the SnakeYAML v1.31 open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...

9.9 CVSS · 8 AI score
Exploits 0 · References 3
OSV
added 2023/10/01 1:3 p.m. · 11 views

OSV-2023-942 Security exception in com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62864 Crash type: Security exception Crash state: com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer java.base/sun.nio.cs.CESU8$Encoder.encodeArrayLoop java.base/sun.nio.cs.CESU8$Encoder.encodeLoo...

7.1 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/10/01 12:0 a.m. · 3 views

PT-2023-36044 · Fasterxml +1 · Jackson-Databind +1

Name of the Vulnerable Software and Affected Versions: Spotify Docker client affected versions not specified Description: A security exception crash has been reported, involving the com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer and java.base/sun.nio.cs.CESU...

7 AI score
Exploits 0 · References 2