9255 matches found
Exploit for Code Injection in Apache Airflow
Apache Airflow official report description says: A vulnerab...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to WebSphere Liberty Server (CVE-2022-3509, CVE-2022-3171)
Summary A security vulnerability has been identified and addressed in WebSphere Liberty Server shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to sensitive data exposure due to Apache CXF (CVE-2022-46363)
Summary A security vulnerability has been identified and addressed in Apache CXF shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is...
Information Disclosure
agpt is vulnerable to Information Disclosure. The vulnerability exists because it does not properly restrict writing to the docker-compose.yml, which allows an attacker to inject malicious custom Python code into the system the next time the docker container is run by overwriting the compose file...
Amazon Linux 2023 : docker (ALAS2023-2023-260)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-260 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has no...
Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation
Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors to tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to...
Docker Hub images found to expose secrets and private keys
Numerous Docker images shared on Docker Hub are exposing sensitive data, according to a study conducted by researchers at the German university RWTH Aachen. Needless to say, this poses a significant security risk. In traditional software development, programmers code an application in one computi...
Security Bulletin: IBM Edge Application Manager 4.5.1 addresses security vulnerability listed in CVE below.
Summary IBM Edge Application Manager 4.5.1 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-2879 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the failure to set a limit on the maximum size of file headers by Reader.Read. ...
Important: docker
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: docker Issue Correction: Run dnf update docker --releasever 2023.1.20230719 or dnf update --advisory ALAS2023-2023-260 --releasever 2023.1.20230719 to update your system. More information o...
Security Bulletin: IBM Edge Application Manager 4.5.1 addresses security vulnerability listed in CVE below.
Summary IBM Edge Application Manager 4.5.1 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2023-2251 DESCRIPTION: YAML is vulnerable to a denial of service, caused by an uncaught exception in the parseDocument and parseAllDocuments functions. By sendi...
Arbitrary Code Execution
agpt is vulnerable to Arbitrary Code Execution. The vulnerability exists in execute_code.py due to using a dedicated Docker container which Auto-GPT uses on the host system through run.sh or run.bat files while sandboxing customized Python code. It is possible to take advantage of this to execute...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2023-2352)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploi...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2023-2378)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploi...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-2378)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-2352)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sysreptor - Fully Customisable, Offensive Security Reporting Tool Designed For Pentesters, Red Teamers And Other Security-Related People Alike
Easy and customisable pentest report creator based on simple web technologies. SysReptor is a fully customisable, offensive security reporting tool designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-37582 EXPLOIT Apache RocketMQ Arbitrary File Write Vu...
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud
A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform (GCP) services, marking the adversary's expansion in targeting beyond Amazon Web Services (AWS). The findings come from SentinelOne and Permiso, which said the...
Amazon Linux 2 : ecs-init, docker, containerd, runc (ALASECS-2022-001)
The version of containerd installed on the remote host is prior to 1.4.13-3. The version of docker installed on the remote host is prior to 20.10.13-2. The version of ecs-init installed on the remote host is prior to 1.61.1-1. The version of runc installed on the remote host is prior to 1.0.3-3. ...
CVE-2023-37274
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...