Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...
PT-2023-6047 · Cisco · Cisco IOS XE
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure could allow an authenticated, remote attacker to...
GHSA-4MQG-H5JF-J9M7 TorchServe Pre-Auth Remote Code Execution
Impact: Use of Open Source Library potentially exposed to RCE. Issue: Use of a version of the SnakeYAML v1.31 open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...
OSV-2023-942 Security exception in com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62864 Crash type: Security exception Crash state: com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer java.base/sun.nio.cs.CESU8$Encoder.encodeArrayLoop java.base/sun.nio.cs.CESU8$Encoder.encodeLoo...
PT-2023-36044 · Fasterxml +1 · Jackson-Databind +1
Name of the Vulnerable Software and Affected Versions: Spotify Docker client (affected versions not specified). Description: A security exception crash has been reported, involving the com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer and java.base/sun.nio.cs.CESU...
Pinkerton - A JavaScript File Crawler And Secret Finder Developed In Python
Pinkerton is a Python tool created to crawl JavaScript files and search for secrets. Installing / Getting started: A quick guide on how to install and use Pinkerton. 1. Clone the repository with: git clone https://github.com/oppsec/pinkerton.git 2. Install the libraries with: pip3 install -r...
The vulnerability of the Docker Desktop platform for developing and delivering container applications relates to breaches of confidentiality boundaries, allowing attackers to increase their privileges.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the breach of trust boundaries. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in the fact that it allows a user to introduce or modify arguments, enabling an attacker to increase their privileges.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the implementation or modification of arguments. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its authentication procedures’ flaws, which allow attackers to obtain full administrator privileges.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain full administrator privileges...
The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper code generation management, allowing an attacker to execute arbitrary code.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to inject arbitrary code into the system...
The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper code generation management, allowing an attacker to execute arbitrary code.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Docker Desktop platform for developing and delivering container applications relates to the exposure of protected information, which allows a malicious actor to obtain access tokens.
The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the exposure of protected information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain access tokens through a specially created URL addre...
CVE-2023-5166
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0...
CVE-2023-5165
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...
CVE-2023-0627
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X...
CVE-2023-0625
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0...
CVE-2023-0633
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0...