9259 matches found

CVE
added 2023/04/04 9:7 p.m., 742 views

CVE-2023-28842

CVE-2023-28842 affects Moby/dockerd, specifically Swarm overlay with encrypted VXLAN: an endpoint on an encrypted overlay can be unauthenticated, allowing cleartext VXLAN traffic to be injected or leaked under certain conditions. The issue stems from how iptables rules and IPsec handling are appl...

6.8 CVSS, 7.6 AI score, 0.0144 EPSS
Exploits: 0, References: 8, Affected Software: 1
Debian CVE
added 2023/04/04 9:7 p.m., 32 views

CVE-2023-28842

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...

6.8 CVSS, 7 AI score, 0.0144 EPSS
Exploits: 0
OSV
added 2023/04/04 9:7 p.m., 41 views

CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...

6.8 CVSS, 7.2 AI score, 0.0144 EPSS
Exploits: 0, References: 10
GithubExploit
added 2023/04/04 8:8 p.m., 429 views

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889-POC A simple demo application that shows how to...

9.8 CVSS, 8.1 AI score, 0.99931 EPSS
Exploits: 41
BDU FSTEC
added 2023/04/02 12:0 a.m., 5 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper protection of an alternative path, allowing an attacker to execute arbitrary code.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

7.8 CVSS, 7.5 AI score, 0.00265 EPSS
Exploits: 0, References: 3, Affected Software: 1
GithubExploit
added 2023/04/01 7:20 p.m., 239 views

Exploit for Incorrect Authorization in Cacti

Cacti v1.2.22 command injection CVE-2022-46169 vulnerable ap...

9.8 CVSS, 10 AI score, 0.99826 EPSS
Exploits: 48
Kitploit
added 2023/04/01 11:30 a.m., 24 views

Noseyparker - A Command-Line Program That Finds Secrets And Sensitive Information In Textual Data And Git History

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing. Key features: It supports scanning files, directories, and the entire history of Git repositories It uses regular expression matching...

7.1 AI score
Exploits: 0, References: 10
OSV
added 2023/03/30 8:17 p.m., 40 views

GHSA-M8CG-XC2P-R3FC rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

Impact It was found that rootless runc makes /sys/fs/cgroup writable in following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g., docker|podman|nerdctl run --cgroupns=host, with Rootless...

2.5 CVSS, 6.5 AI score, 0.00327 EPSS
Exploits: 1, References: 4
SUSE CVE
added 2023/03/30 1:44 a.m., 3 views

SUSE CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

2.5 CVSS, 6.9 AI score, 0.00327 EPSS
Exploits: 1, References: 14
Exploit DB
added 2023/03/30 12:0 a.m., 192 views

Covenant v0.5 - Remote Code Execution (RCE)

Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...

7.4 AI score
Exploits: 0
Packet Storm
added 2023/03/30 12:0 a.m., 427 views

Covenant 0.5 Remote Code Execution

Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...

6.8 AI score
Exploits: 0
Prion
added 2023/03/29 7:15 p.m., 29 views

Design/Logic Flaw

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

4.3 CVSS, 6.8 AI score, 0.00327 EPSS
Exploits: 1, References: 2, Affected Software: 1
AlpineLinux
added 2023/03/29 6:22 p.m., 54 views

CVE-2023-25809

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

6.3 CVSS, 6.9 AI score, 0.00327 EPSS
Exploits: 1
Cvelist
added 2023/03/29 6:22 p.m., 34 views

CVE-2023-25809 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc

runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes /sys/fs/cgroup writable in following conditions: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup...

5 CVSS, 7.2 AI score, 0.00327 EPSS
Exploits: 1, References: 2
Huntr
added 2023/03/29 4:49 p.m., 21 views

Stored XSS on Multiple Edit Page

Description A stored XSS with alert on Editing page. \ I clone repo from master branch and build with docker. Footer show: Version: 1.3.4 Proof of Concept Request image Request raw: POST /api/saveedit HTTP/1.1 Host: 192.168.125.131 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0...

4.9 CVSS, 6.3 AI score, 0.00346 EPSS
Exploits: 1
Tenable Nessus
added 2023/03/29 12:0 a.m., 37 views

SUSE SLES12 Security Update : docker (SUSE-SU-2023:1625-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1625-1 advisory. - CVE-2022-36109: Fixed a supplementary group permissions bypass bsc1205375. Update to 20.10.23-ce...

6.3 CVSS, 6.7 AI score, 0.00807 EPSS
Exploits: 0, References: 6
Kitploit
added 2023/03/28 11:30 a.m., 50 views

Decider - A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

What is it? The Short A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework. The Long Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating...

7.3 AI score
Exploits: 0, References: 6
OSV
added 2023/03/28 10:5 a.m., 7 views

SUSE-SU-2023:1625-1 Security update for docker

This update for docker fixes the following issues: - CVE-2022-36109: Fixed a supplementary group permissions bypass bsc1205375. Update to 20.10.23-ce https://docs.docker.com/engine/release-notes/201023. - drop kubic flavor as kubic is EOL. Update to Docker 20.10.21-ce...

6.3 CVSS, 6.6 AI score, 0.00807 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2023/03/28 12:0 a.m., 4 views

PT-2023-7465 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.17.x Description: The issue is related to the transmission of registry data in plain text due to the use of HTTP instead of HTTPS in the Artifactory module of Docker Desktop. This can allow a remote attacker to gain...

7.5 CVSS, 7.5 AI score, 0.00549 EPSS
Exploits: 1, References: 6
OpenVAS
added 2023/03/28 12:0 a.m., 18 views

Mageia: Security Advisory (MGASA-2023-0009)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.9 AI score, 0.08519 EPSS
Exploits: 0, References: 9