9239 matches found
GO-2024-2870 Credential leakage in github.com/aquasecurity/trivy
A malicious registry can cause Trivy to leak credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registry ACR if the registry is scanned from directly using Trivy. These tokens can then be used to push/pull...
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit
CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The...
Chaos RAT XSS to RCE
CHAOS v5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The webapp contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The webapp also...
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chaos RAT XSS to RCE', 'Description' = %q CHAOS v5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to...
Trivy possibly leaks registry credential when scanning images from malicious registries
Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...
GHSA-XCQ4-M2R3-CMRJ Trivy possibly leaks registry credential when scanning images from malicious registries
Impact If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Container Registry, or Azure Container Registr...
CVE-2023-45288 affecting package docker-compose for versions less than 2.27.0-1
CVE-2023-45288 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45288 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-45288 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1
CVE-2024-23650 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-45142 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-23653 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2024-23653 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-23650 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2024-23650 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2024-24786 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1
CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-23653 affecting package docker-compose for versions less than 2.27.0-1
CVE-2024-23653 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-48795 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-48795 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1
CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-47108 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-47108 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-44487 affecting package docker-buildx for versions less than 0.14.0-1
CVE-2023-44487 affecting package docker-buildx for versions less than 0.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1
CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1. An upgraded version of the package is available that resolves this issue...