9275 matches found

Cisco
added 2023/10/04 4:0 p.m. · 42 views

Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

CVSS 6.5 · AI score 8.7 · EPSS 0.00509
Exploits 0 · References 1

Positive Technologies
added 2023/10/04 12:0 a.m. · 4 views

PT-2023-6047 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure could allow an authenticated, remote attacker to...

CVSS 8.8 · AI score 8.3 · EPSS 0.00509
Exploits 0 · References 6

OSV
added 2023/10/02 8:38 p.m. · 27 views

GHSA-4MQG-H5JF-J9M7 TorchServe Pre-Auth Remote Code Execution

Impact: Use of Open Source Library potentially exposed to RCE. Issue: Use of a version of the SnakeYAML v1.31 open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...

CVSS 9.9 · AI score 8
Exploits 0 · References 3

OSV
added 2023/10/01 1:3 p.m. · 11 views

OSV-2023-942 Security exception in com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62864
Crash type: Security exception
Crash state: com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer java.base/sun.nio.cs.CESU8$Encoder.encodeArrayLoop java.base/sun.nio.cs.CESU8$Encoder.encodeLoo...

AI score 7.1
Exploits 0 · References 1

Positive Technologies
added 2023/10/01 12:0 a.m. · 3 views

PT-2023-36044 · Fasterxml +1 · Jackson-Databind +1

Name of the Vulnerable Software and Affected Versions: Spotify Docker client (affected versions not specified). Description: A security exception crash has been reported, involving the com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer and java.base/sun.nio.cs.CESU...

AI score 7
Exploits 0 · References 2

Kitploit
added 2023/09/28 11:30 a.m. · 65 views

Pinkerton - An JavaScript File Crawler And Secret Finder Developed In Python

Pinkerton is a Python tool created to crawl JavaScript files and search for secrets. Installing / Getting started: A quick guide of how to install and use Pinkerton. 1. Clone the repository with: git clone https://github.com/oppsec/pinkerton.git 2. Install the libraries with: pip3 install -r...

AI score 7.2
Exploits 0 · References 4

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications relates to breaches of confidentiality boundaries, allowing attackers to increase their privileges.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the breach of trust boundaries. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.8 · AI score 7.2 · EPSS 0.00242
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in the fact that it allows a user to introduce or modify arguments, enabling an attacker to increase their privileges.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the implementation or modification of arguments. Exploiting this vulnerability can allow an attacker to enhance their privileges...

CVSS 7.8 · AI score 7.2 · EPSS 0.00269
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its authentication procedures’ flaws, which allow attackers to obtain full administrator privileges.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain full administrator privileges...

CVSS 7.1 · AI score 7.6 · EPSS 0.00225
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper code generation management, allowing an attacker to execute arbitrary code.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to inject arbitrary code into the system...

CVSS 10 · AI score 8.1 · EPSS 0.00739
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 3 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper code generation management, allowing an attacker to execute arbitrary code.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8.1 · EPSS 0.00739
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 3 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications relates to the exposure of protected information, which allows a malicious actor to obtain access tokens.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the exposure of protected information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain access tokens through a specially created URL addre...

CVSS 10 · AI score 6.6 · EPSS 0.00683
Exploits 0 · References 3 · Affected Software 1

NVD
added 2023/09/25 4:15 p.m. · 26 views

CVE-2023-5166

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0...

CVSS 8 · AI score 7.8 · EPSS 0.00683
Exploits 0 · References 1

OSV
added 2023/09/25 4:15 p.m. · 3 views

CVE-2023-5166

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0...

CVSS 6.5 · AI score 5.8 · EPSS 0.00683
Exploits 0 · References 1

NVD
added 2023/09/25 4:15 p.m. · 19 views

CVE-2023-5165

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...

CVSS 8.8 · AI score 7.4 · EPSS 0.00225
Exploits 0 · References 1

OSV
added 2023/09/25 4:15 p.m. · 5 views

CVE-2023-5165

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...

CVSS 8.8 · AI score 5.7 · EPSS 0.00225
Exploits 0 · References 1

OSV
added 2023/09/25 4:15 p.m. · 3 views

CVE-2023-0627

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X...

CVSS 7.8 · AI score 5.8 · EPSS 0.00242
Exploits 0 · References 1

OSV
added 2023/09/25 4:15 p.m. · 4 views

CVE-2023-0625

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0...

CVSS 9.8 · AI score 5.8 · EPSS 0.00739
Exploits 0 · References 1

OSV
added 2023/09/25 4:15 p.m. · 5 views

CVE-2023-0633

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 1

NVD
added 2023/09/25 4:15 p.m. · 24 views

CVE-2023-0627

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X...

CVSS 7.8 · AI score 6.8 · EPSS 0.00242
Exploits 0 · References 1