
9239 matches found

Cvelist
added 2024/03/20 8:27 p.m., 33 views

CVE-2024-29018 External DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...

5.9 CVSS, 5.7 AI score, 0.0075 EPSS
Exploits: 0, References: 2

Debian CVE
added 2024/03/20 8:27 p.m., 24 views

CVE-2024-29018

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...

7.5 CVSS, 6 AI score, 0.0075 EPSS
Exploits: 0

OSV
added 2024/03/20 8:27 p.m., 3 views

CVE-2024-29018 External DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...

5.9 CVSS, 6 AI score, 0.0075 EPSS
Exploits: 0, References: 4

CVE
added 2024/03/20 8:27 p.m., 411 views

CVE-2024-29018

CVE-2024-29018 affects the Moby-based docker/libnetwork networking stack, where internal networks can forward DNS requests to an external nameserver due to how host loopback DNS resolution is bridged for internal networks. The issue enables an attacker controlling an authoritative DNS domain to c...

7.5 CVSS, 5.8 AI score, 0.0075 EPSS
Exploits: 0, References: 2, Affected Software: 1

Github Security Blog
added 2024/03/20 5:59 p.m., 76 views

Moby's external DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementati...

7.5 CVSS, 6.6 AI score, 0.0075 EPSS
Exploits: 0, References: 3, Affected Software: 1

Chainguard
added 2024/03/20 5:59 p.m., 21 views

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: buildkitd, spire-server-fips, spire-server, melange, conftest-fips, conftest, up, wolfictl, ctop, buf, kubescape, cilium-cli, crossplane, prometheus, datadog-agent, docker-compose, grype, aactl, dagger, tkn, kaniko, cadvisor, trivy, cadvisor-fips, kargo,...

5.8 AI score
Exploits: 0

GithubExploit
added 2024/03/20 1:28 a.m., 662 views

Exploit for Improper Access Control in Zenml

Exploit for CVE-2024-25723 This repository is dedicated to ad...

8.8 CVSS, 9 AI score, 0.70581 EPSS
Exploits: 1

Github Security Blog
added 2024/03/15 8:12 p.m., 11 views

CLI for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.3 AI score
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2024/03/15 8:9 p.m., 18 views

Golang SDK for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.3 AI score
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2024/03/15 8:5 p.m., 14 views

Types for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.3 AI score
Exploits: 0, References: 3, Affected Software: 1

GithubExploit
added 2024/03/15 10:38 a.m., 398 views

Exploit for File Descriptor Leak in Linuxfoundation Runc

PoC of CVE-2024-21626 Read my full article for detailed explan...

8.6 CVSS, 7.6 AI score, 0.18087 EPSS
Exploits: 18

Github Security Blog
added 2024/03/14 9:17 p.m., 26 views

Insecure Variable Substitution in Vela

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.7 CVSS, 7.3 AI score, 0.00716 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2024/03/14 7:15 p.m., 24 views

CVE-2024-24562

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While ...

5.4 CVSS, 5.4 AI score, 0.00349 EPSS
Exploits: 0, References: 2

CVE
added 2024/03/14 6:52 p.m., 66 views

CVE-2024-24562

CVE-2024-24562 affects vantage6-UI (the interface for the vantage6 server). The vulnerability is due to security headers not being set in affected versions. A fix has been committed (68dfa6614) and is expected in future releases; upgrade to a new release when available. If upgrading is not possib...

5.4 CVSS, 5.4 AI score, 0.00349 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/03/14 6:52 p.m., 14 views

CVE-2024-24562 Security headers not set in vantage6-UI

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While ...

5.4 CVSS, 6.8 AI score, 0.00349 EPSS
Exploits: 0, References: 2

Cvelist
added 2024/03/14 6:52 p.m., 23 views

CVE-2024-24562 Security headers not set in vantage6-UI

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While ...

5.4 CVSS, 5.6 AI score, 0.00349 EPSS
Exploits: 0, References: 2

OSV
added 2024/03/14 6:52 p.m., 18 views

CVE-2024-24562 Security headers not set in vantage6-UI

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While ...

5.4 CVSS, 6.6 AI score, 0.00349 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2024/03/14 12:0 a.m., 3 views

PT-2024-20453 · Docker +2

Name of the Vulnerable Software and Affected Versions: vantage6-UI affected versions not specified Description: The issue is related to the absence of certain security headers in the vantage6-UI, which is the official user interface for the vantage6 server. This problem has been addressed in a...

5.4 CVSS, 7.1 AI score, 0.00349 EPSS
Exploits: 0, References: 7

Kitploit
added 2024/03/12 11:38 p.m., 35 views

Gtfocli - GTFO Command Line Interface For Easy Binaries Search Commands That Can Be Used To Bypass Local Security Restrictions In Misconfigured Systems

GTFOcli is a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in misconfigured systems. Installation Using go: go install github.com/cmd-tools/gtfocli@latest Using homebrew: brew tap cmd-tools/homebrew-tap brew install gtfocli Using...

7.5 AI score
Exploits: 0, References: 3

NVD
added 2024/03/12 9:15 p.m., 31 views

CVE-2024-28236

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

7.7 CVSS, 7.8 AI score, 0.00716 EPSS
Exploits: 0, References: 2