
9278 matches found

Metasploit
added 2023/08/16 7:50 p.m. · 844 views

H2 Web Interface Create Alias RCE

The H2 database contains an alias function which allows arbitrary Java code to be used. This functionality can be abused to create an exec function to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not...

CVSS 8.8 · AI score 7.3 · EPSS 0.34986
Exploits: 2
OSV
added 2023/08/16 3:30 p.m. · 16 views

GHSA-V9RW-HJR3-426H Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability

Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view. Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting (XSS)...

CVSS 7.5 · AI score 5.4 · EPSS 0.0051
Exploits: 0 · References: 3
Github Security Blog
added 2023/08/16 3:30 p.m. · 27 views

Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability

Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view. Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting (XSS)...

CVSS 5.4 · AI score 5.5 · EPSS 0.0051
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2023/08/16 3:15 p.m. · 6 views

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker...

CVSS 5.4 · AI score 5.6 · EPSS 0.0051
Exploits: 0 · References: 2
NVD
added 2023/08/16 3:15 p.m. · 11 views

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker...

CVSS 5.4 · AI score 5.3 · EPSS 0.0051
Exploits: 0 · References: 2
Prion
added 2023/08/16 3:15 p.m. · 17 views

Cross site scripting

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker...

CVSS 4.9 · AI score 5.2 · EPSS 0.0051
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/08/16 2:32 p.m. · 26 views

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker...

AI score 5.7 · EPSS 0.0051
Exploits: 0 · References: 2
Vulnrichment
added 2023/08/16 2:32 p.m. · 11 views

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker...

AI score 5.7 · EPSS 0.0051
Exploits: 0 · References: 2
CVE
added 2023/08/16 2:32 p.m. · 241 views

CVE-2023-40350

Summary: CVE-2023-40350 affects Jenkins Docker Swarm Plugin ≤ 1.11. The vulnerability arises because the plugin does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, enabling stored XSS when attackers can influence Docker responses. Public adviso...

CVSS 5.4 · AI score 5.2 · EPSS 0.0051
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2023/08/16 12:00 a.m. · 6 views

Jenkins Plugin Docker Swarm cross-site scripting vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin A cross-si...

CVSS 5.4 · AI score 5.4 · EPSS 0.0051
Exploits: 0 · References: 5
0day.today
added 2023/08/16 12:00 a.m. · 552 views

H2 Database Web Interface Create Alias Remote Code Execution Exploit

The H2 database contains an alias function which allows arbitrary Java code to be used. This functionality can be abused to create an exec function to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not...

AI score 7.4
Exploits: 0
Positive Technologies
added 2023/08/16 12:00 a.m. · 7 views

PT-2023-5740 · Jenkins · Jenkins Docker Swarm Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Docker Swarm Plugin versions 1.11 and earlier. Description: The issue is related to the Jenkins Docker Swarm Plugin, which does not properly escape values returned from Docker before inserting them into the Docker Swarm Dashboard view...

CVSS 7.5 · AI score 5.3 · EPSS 0.0051
Exploits: 0 · References: 9
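The Docker Swarm Plugin entries above all describe the same root cause: values read from Docker API responses are written into the dashboard HTML without escaping, so whoever controls the Docker endpoint controls the page. The plugin itself is Java/Jelly; the following is an added Go illustration of that bug class beside its fix, not the plugin's code. It renders a constructed Docker node record once with `text/template` (no escaping, the vulnerable pattern) and once with `html/template` (contextual escaping, the fix). The `DockerNode` type, its field names, the row template and the hostile hostname are assumptions made for the example.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	texttemplate "text/template"
)

// DockerNode models the fields a dashboard might pull out of a Docker
// API response (assumed shape for this example). In the vulnerable
// pattern these strings reach the page verbatim.
type DockerNode struct {
	Hostname string
	Status   string
}

// rowTmpl is the same template text for both renderers; only the engine
// differs.
const rowTmpl = `<tr><td>{{.Hostname}}</td><td>{{.Status}}</td></tr>`

// RenderUnescaped reproduces the bug: text/template performs no HTML
// escaping, so a Hostname containing markup is emitted as markup.
func RenderUnescaped(n DockerNode) (string, error) {
	t, err := texttemplate.New("row").Parse(rowTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, n); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// RenderEscaped is the fix: html/template escapes each interpolated
// value for the HTML context it lands in, so the same input is rendered
// as inert text (< becomes &lt;, > becomes &gt;, and so on).
func RenderEscaped(n DockerNode) (string, error) {
	t, err := htmltemplate.New("row").Parse(rowTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, n); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed "Docker response": a node whose hostname carries a script tag.
	hostile := DockerNode{Hostname: "<script>alert(1)</script>", Status: "ready"}
	raw, _ := RenderUnescaped(hostile)
	safe, _ := RenderEscaped(hostile)
	fmt.Println("vulnerable:", raw)
	fmt.Println("fixed:     ", safe)
}
```

The point for a reviewer of any dashboard that renders API responses is that the escaping must be applied by the template engine at the output context, not by ad hoc string replacement on selected fields; a value that looks like a hostname is still attacker-controlled data.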
Tenable Nessus
added 2023/08/15 12:00 a.m. · 45 views

SUSE SLES12 Security Update : docker (SUSE-SU-2023:3307-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3307-1 advisory. - Update to v20.10.25-ce - CVE-2023-28840: Fixed a bug where an attacker could inject arbitrary Ethernet frames to execute a Denial...

CVSS 8.7 · AI score 7.2 · EPSS 0.02733
Exploits: 2 · References: 10
IBM Security Bulletins
added 2023/08/14 7:58 p.m. · 34 views

Security Bulletin: Vulnerabilities in Node.js modules affect IBM Voice Gateway

Summary: Security vulnerabilities in Node.js modules affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By...

CVSS 9.8 · AI score 9.2 · EPSS 0.02761
Exploits: 2 · Affected Software: 1
OSV
added 2023/08/14 8:52 a.m. · 13 views

SUSE-SU-2023:3307-1 Security update for docker

This update for docker fixes the following issues: - Update to v20.10.25-ce - CVE-2023-28840: Fixed a bug where an attacker could inject arbitrary Ethernet frames to execute a Denial of Service attack. bsc#1214107 - CVE-2023-28841: Fixed a bug which allows an attacker to sit in a trusted position ...

CVSS 8.7 · AI score 7.7 · EPSS 0.02733
Exploits: 2 · References: 7
Cvelist
added 2023/08/14 12:00 a.m. · 19 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

AI score 6.7 · EPSS 0.00899
Exploits: 1 · References: 3
Vulnrichment
added 2023/08/14 12:00 a.m. · 10 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

AI score 6.5 · EPSS 0.00899
Exploits: 1 · References: 3
CVE
added 2023/08/14 12:00 a.m. · 39 views

CVE-2023-40453

CVE-2023-40453 affects Docker Machine versions 0.16.2 and earlier. A compromised worker node can supply crafted version data, potentially tricking an administrator into unsafe actions via escape sequence injection, or cause a denial of service to a bastion node. Red Hat and OSV records corroborat...

CVSS 6.5 · AI score 6.5 · EPSS 0.00899
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/08/14 12:00 a.m. · 5 views

PT-2023-27460 · Docker · Docker Machine

Name of the Vulnerable Software and Affected Versions: Docker Machine versions 0.16.2 and earlier. Description: The issue allows an attacker, who has control of a worker node, to provide crafted version data. This might potentially trick an administrator into performing an unsafe action via escape...

CVSS 6.5 · AI score 7.2 · EPSS 0.00899
Exploits: 1 · References: 8
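The CVE-2023-40453 entries above name two failure modes for version data reported by a compromised worker node: terminal escape sequences that can mislead the administrator reading the output, and oversized data that exhausts the bastion. As an added example that is not Docker Machine's own code, the following Go function shows the check a bastion-side tool would want before printing such a value: it rejects input over a size cap, drops ANSI escape sequences (CSI and OSC bodies included) and replaces any remaining control characters. The 64-byte cap, the function names and the hostile sample string are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
)

// maxVersionLen bounds how much worker-supplied version data is accepted
// before anything else is done with it (assumed limit for this example).
const maxVersionLen = 64

var ErrVersionTooLong = errors.New("version data exceeds size limit")

// SanitizeVersion takes the raw version string reported by a worker node
// and returns a copy that is safe to print on an administrator's
// terminal. Input longer than maxVersionLen is rejected (the
// denial-of-service case); ANSI escape sequences are removed entirely;
// any other control character is replaced with '?' so that CR/LF
// tricks cannot forge additional output lines.
func SanitizeVersion(raw string) (string, error) {
	if len(raw) > maxVersionLen {
		return "", ErrVersionTooLong
	}
	var b strings.Builder
	rs := []rune(raw)
	for i := 0; i < len(rs); i++ {
		r := rs[i]
		if r == 0x1b { // ESC: skip the whole escape sequence
			i = skipEscape(rs, i)
			continue
		}
		if unicode.IsControl(r) {
			b.WriteByte('?')
			continue
		}
		b.WriteRune(r)
	}
	return b.String(), nil
}

// skipEscape returns the index of the last rune of the escape sequence
// starting at rs[i] (an ESC). CSI sequences (ESC '[') end at the first
// final byte in 0x40..0x7e; OSC sequences (ESC ']') end at BEL or at
// ESC '\'. Any other ESC is treated as a two-character sequence. An
// unterminated sequence consumes the rest of the input.
func skipEscape(rs []rune, i int) int {
	if i+1 >= len(rs) {
		return i
	}
	switch rs[i+1] {
	case '[':
		j := i + 2
		for j < len(rs) && !(rs[j] >= 0x40 && rs[j] <= 0x7e) {
			j++
		}
		return j
	case ']':
		j := i + 2
		for j < len(rs) {
			if rs[j] == 0x07 {
				return j
			}
			if rs[j] == 0x1b && j+1 < len(rs) && rs[j+1] == '\\' {
				return j + 1
			}
			j++
		}
		return j
	default:
		return i + 1
	}
}

func main() {
	// Constructed worker response: a clear-screen CSI sequence and an
	// OSC that sets the terminal title are embedded in the version string.
	hostile := "v20.10.25\x1b[2J\x1b]0;pwned\x07-ce"
	clean, err := SanitizeVersion(hostile)
	fmt.Printf("%q %v\n", clean, err)
}
```

The size check runs before any parsing so that an oversized payload is discarded without being copied or decoded; the escape stripping happens on the display path, not on storage, because the same value may be fed to a logger or a JSON API where different rules apply.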
BDU FSTEC
added 2023/08/11 12:00 a.m. · 7 views

The vulnerability of the fetch_docker_image() function in the automation tool for software analysis, ScanCode.io, allows a hacker to execute arbitrary commands.

The vulnerability of the fetch_docker_image() function in the automation tool for software analysis, ScanCode.io, is caused by insufficient validation of the docker_reference parameter. Exploiting this vulnerability allows a remote...

CVSS 7.3 · AI score 8 · EPSS 0.02437
Exploits: 1 · References: 5 · Affected Software: 1