GO-2024-2497 Privilege escalation in github.com/moby/buildkit

BuildKit provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special security.insecure entitlement is enabled both by buildkitd...

BuildKit interactive containers API does not validate entitlements check

...

[SECURITY] Fedora 39 Update: python-notebook-7.0.7-1.fc39

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

CVE-2024-23653

A vulnerability was found in the Moby Builder Toolkit, specifically in the Interactive Containers API, where entitlement checks are not adequately validated, caused by a missing privilege check in a GRPC endpoint when called using a custom syntax format. This flaw allows the currently running...

CVE-2023-51534

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...

CVE-2023-51534

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...

CVE-2023-52189

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4...

CVE-2023-52189

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4...

CVE-2023-52189 WordPress Ideal Interactive Map Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4...

CVE-2023-52189

CVE-2023-52189 : WordPress plugin “Ideal Interactive Map”

CVE-2023-52189 WordPress Ideal Interactive Map Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS.This issue affects Ideal Interactive Map: from n/a through 1.2.4...

WordPress plugin Ideal Interactive Map cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-14456 · Unknown · Jhayghost Ideal Interactive Map

Name of the Vulnerable Software and Affected Versions: Jhayghost Ideal Interactive Map versions 1.2.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

GHSA-WR6V-9F75-VH2G Buildkit's interactive containers API does not validate entitlements check

Impact In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if specia...

GHSA-R7QV-8R2H-PG27 Multiple issues involving quote API in shlex

Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments. Thi...

Multiple issues involving quote API in shlex

Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments. Thi...

RUSTSEC-2024-0006 Multiple issues involving quote API

Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments. Thi...

CVE-2024-22421

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...