
9260 matches found

CVE
added 2023/04/12 5:5 p.m. · 51 views

CVE-2023-30516

CVE-2023-30516 affects Jenkins Image Tag Parameter Plugin. The 2.0 release improperly adds an option to opt out of SSL/TLS certificate validation when connecting to Docker registries. As a result, job configurations that used Image Tag Parameters created before version 2.0 may have SSL/TLS certif...

6.5 CVSS · 6.4 AI score · 0.00458 EPSS
Exploits 0 · References 2 · Affected Software 1

Fedora
added 2023/04/12 1:34 a.m. · 36 views

[SECURITY] Fedora 37 Update: skopeo-1.11.2-1.fc37

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

7.5 CVSS · 7.7 AI score · 0.04561 EPSS
Exploits 0

Positive Technologies
added 2023/04/12 12:0 a.m. · 4 views

PT-2023-2575 · Jenkins · Jenkins Image Tag Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Image Tag Parameter Plugin version 2.0 Description: The Jenkins Image Tag Parameter Plugin improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries. This results in job...

6.5 CVSS · 7.3 AI score · 0.00458 EPSS
Exploits 0 · References 10

CNNVD
added 2023/04/12 12:0 a.m. · 16 views

Jenkins Plugin Image Tag Parameter Trust Management Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

6.5 CVSS · 6.5 AI score · 0.00458 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2023/04/12 12:0 a.m. · 42 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-1617)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploi...

7 CVSS · 6.9 AI score · 0.00457 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2023/04/12 12:0 a.m. · 25 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-1618)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be...

8.5 CVSS · 7.4 AI score · 0.06604 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/04/12 12:0 a.m. · 4 views

PT-2023-2327 · Minikube · Minikube

Name of the Vulnerable Software and Affected Versions: minikube affected versions not specified Description: The issue is related to information disclosure in the minikube tool, which could allow a remote attacker to gain access to the container. Specifically, it exposes a network port in minikub...

9.8 CVSS · 9 AI score · 0.00756 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2023/04/12 12:0 a.m. · 6 views

The vulnerability of the data storage system based on Docker for APM monitoring in IBM Instana Observability allows an attacker to gain access to read or modify data.

The vulnerability of the Docker-based data storage solution for APM monitoring in IBM Instana Observability involves a lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker operating remotely to gain access to read or modify data...

9.4 CVSS · 7.8 AI score · 0.08573 EPSS
Exploits 3 · References 4 · Affected Software 1

Tenable Nessus
added 2023/04/11 12:0 a.m. · 48 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Multiple Vulnerabilities (NS-SA-2023-0014)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by multiple vulnerabilities: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to...

6.3 CVSS · 7.7 AI score · 0.02693 EPSS
Exploits 4 · References 7

vulnersOsv
added 2023/04/10 4:37 p.m. · 7 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.9.2.1rc2) +139 more potentially affected by CVE-2023-29005 via flask-appbuilder (>=1.10.0 <=4.1.4)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.3, =0.0.6, =0.0.8 and more Source cves: CVE-2023-29005 Source advisory: OSV:GHSA-9HCR-9HCV-X6PV...

7.5 CVSS · 7.1 AI score · 0.00629 EPSS
Exploits 0

Packet Storm
added 2023/04/10 12:0 a.m. · 314 views

IBM Instana 243-0 Missing Authentication

Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...

9.1 CVSS · 9.2 AI score · 0.08573 EPSS
Exploits 3

Gitee
added 2023/04/07 4:5 p.m. · 6 views

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE-2022-22978 POC environment CVE-2022-22978 Spring-Security bypass Demo When RegexRequestMatcher is used in Spring Security and the rule contains a regular expression with a dot, an attacker can bypass authentication by constructing a malicious packet. Affected scope: Spring Security 5.5.x http://localhost:8080/admin/index%0a Docker docker pull s0cke3t/cve-2022-22978:latest...

9.8 CVSS · 7.5 AI score · 0.10037 EPSS
Exploits 6

Exploit DB
added 2023/04/07 12:0 a.m. · 198 views

Docker based datastores for IBM Instana 241-2 243-0 - No Authentication

Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...

9.1 CVSS · 9.4 AI score · 0.08573 EPSS
Exploits 3

0day.today
added 2023/04/07 12:0 a.m. · 238 views

Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Exploit

Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...

9.1 CVSS · 9.1 AI score · 0.08573 EPSS
Exploits 3

Veracode
added 2023/04/06 7:31 p.m. · 37 views

Denial Of Service (DoS)

docker is vulnerable to Denial of Service (DoS) attacks. The injection of arbitrary Ethernet frames allows remote attackers to enable denial of service attacks, such as establishing a UDP or TCP connection or smuggling packets into the overlay network...

8.7 CVSS · 7.8 AI score · 0.02733 EPSS
Exploits 1 · References 12 · Affected Software 2

Veracode
added 2023/04/06 7:31 p.m. · 32 views

Information Disclosure

docker is vulnerable to Information Disclosure. Encrypted overlay networks on affected platforms silently transmit unencrypted data, without any confidentiality or data integrity guarantees. This can lead to unexpected secrets or user data disclosure, as many database protocols, internal APIs, et...

6.8 CVSS · 6.7 AI score · 0.00696 EPSS
Exploits 1 · References 13 · Affected Software 3

Veracode
added 2023/04/06 7:31 p.m. · 37 views

Authorization Bypass

docker is vulnerable to Authorization Bypasses. Encrypted overlay networks can be used to inject arbitrary Ethernet frames into the network by encapsulating them in VXLAN datagrams...

6.8 CVSS · 6.9 AI score · 0.0144 EPSS
Exploits 0 · References 10 · Affected Software 2

Huntr
added 2023/04/06 3:26 p.m. · 24 views

Stored XSS via Markdown Comment

Description: Register one account on the blog; if the account was activated, it can comment. We can comment with markdown. When another user clicks on the comment there may be an XSS alert. I git cloned the project and built it with docker. Latest commit is: 07a1ded08eb4e0c6979f6aeebc35f3864ba250a7 Proof ...

4.9 CVSS · 6.2 AI score · 0.00409 EPSS
Exploits 1 · References 2

Veracode
added 2023/04/06 2:51 p.m. · 18 views

Authentication Bypass

farmhaystack is vulnerable to Authentication Bypass. The vulnerability exists in docker-compose.yml due to the use of hard-coded, security-relevant constants which allows an attacker to make changes in the annotation process...

9.8 CVSS · 8.9 AI score · 0.00843 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/04/06 9:15 a.m. · 2 views

CVE-2023-1802

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and...

7.5 CVSS · 7.1 AI score · 0.00549 EPSS
Exploits 1 · References 2