9278 matches found
H2 Web Interface Create Alias RCE
The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...
GHSA-V9RW-HJR3-426H Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view. Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting XSS...
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view. Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting XSS...
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...
Cross site scripting
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...
CVE-2023-40350
Summary : CVE-2023-40350 affects Jenkins Docker Swarm Plugin ≤ 1.11. The vulnerability arises because the plugin does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, enabling stored XSS when attackers can influence Docker responses. Public adviso...
Jenkins Plugin Docker Swarm 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin A cross-si...
H2 Database Web Interface Create Alias Remote Code Execution Exploit
The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...
PT-2023-5740 · Jenkins · Jenkins Docker Swarm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Swarm Plugin versions 1.11 and earlier Description: The issue is related to the Jenkins Docker Swarm Plugin, which does not properly escape values returned from Docker before inserting them into the Docker Swarm Dashboard view...
SUSE SLES12 Security Update : docker (SUSE-SU-2023:3307-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3307-1 advisory. - Update to v20.10.25-ce - CVE-2023-28840: Fixed a bug where an attacker could inject arbitrary Ethernet frames to execute a Denial...
Security Bulletin: Vulnerabilities in Node.js modules affect IBM Voice Gateway
Summary Security Vulnerabilities in Node.js modules affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By...
SUSE-SU-2023:3307-1 Security update for docker
This update for docker fixes the following issues: - Update to v20.10.25-ce - CVE-2023-28840: Fixed a bug where an attacker could inject arbitrary Ethernet frames to execute a Denial of Service attack. bsc1214107 - CVE-2023-28841: Fixed a bug which allows an attacker to sit in a trusted position ...
CVE-2023-40453
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...
CVE-2023-40453
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...
CVE-2023-40453
CVE-2023-40453 affects Docker Machine versions 0.16.2 and earlier. A compromised worker node can supply crafted version data, potentially tricking an administrator into unsafe actions via escape sequence injection, or cause a denial of service to a bastion node. Red Hat and OSV records corroborat...
PT-2023-27460 · Docker · Docker Machine
Name of the Vulnerable Software and Affected Versions: Docker Machine versions 0.16.2 and earlier Description: The issue allows an attacker, who has control of a worker node, to provide crafted version data. This might potentially trick an administrator into performing an unsafe action via escape...
The vulnerability of the fetch_docker_image() function in the automation tool for software analysis, ScanCode.io, allows a hacker to execute arbitrary commands.
The vulnerability of the fetchdockerimage function in the automation tool for software analysis, ScanCode.io, is related to the lack of protective measures taken for the structure of the web page during the processing of the dockerreference parameter. Exploiting this vulnerability allows a remote...