
9260 matches found

Huntr
added 2023/03/22 6:47 p.m. | 29 views

Annotation tool: token forgery using jwt secret to claim super admin role

Although the annotator tool's source code is not directly provided in the repository, a docker image is provided. From there it is easy to get access to the source code by either extracting the docker tar image, which can be exported from docker itself, or connecting to the container with an...

CVSS 7.5 | AI score 8.8 | EPSS 0.00843 | Exploits 1

Amazon
added 2023/03/22 12:0 a.m. | 9 views

Medium: containerd

Issue Overview: A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on...

CVSS 7.5 | AI score 6.3 | EPSS 0.27392 | Exploits 4

Amazon
added 2023/03/22 12:0 a.m. | 3 views

Low: docker

Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Affected Packages: docker Issue Correction: Run dnf update docker --releasever 2023.0.20230322 or dnf update --advisory...

CVSS 6.3 | AI score 6.3 | EPSS 0.00807 | Exploits 0

Tenable Nessus
added 2023/03/21 12:0 a.m. | 47 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-079)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-079 advisory. A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary...

CVSS 7.5 | AI score 7.3 | EPSS 0.27392 | Exploits 4 | References 10

Gitee
added 2023/03/20 3:31 p.m. | 4 views

vulhub

This repository is an offensive tool for a variety of areas, including web application security, container security, and more. It contains a collection of vulnerable environments and tools for testing and learning about various security vulnerabilities. The repository includes a range of tools an...

AI score 7.7 | Exploits 0

Tenable Nessus
added 2023/03/20 12:0 a.m. | 55 views

CBL Mariner 2.0 Security Update: podman (CVE-2022-27649)

The version of podman installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-27649 advisory. - A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A...

CVSS 7.5 | AI score 7.2 | EPSS 0.01441 | Exploits 0 | References 2

Tenable Nessus
added 2023/03/20 12:0 a.m. | 32 views

CBL Mariner 2.0 Security Update: buildah (CVE-2022-27651)

The version of buildah installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-27651 advisory. - A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A...

CVSS 6.8 | AI score 7.4 | EPSS 0.01225 | Exploits 0 | References 2

OpenVAS
added 2023/03/20 12:0 a.m. | 22 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-1546)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5 | AI score 7.2 | EPSS 0.01022 | Exploits 0 | References 2

OpenVAS
added 2023/03/20 12:0 a.m. | 21 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-1521)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5 | AI score 7.2 | EPSS 0.01022 | Exploits 0 | References 2

Tenable Nessus
added 2023/03/19 12:0 a.m. | 29 views

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2023-1521)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the...

CVSS 6.5 | AI score 7.3 | EPSS 0.01022 | Exploits 0 | References 2

Tenable Nessus
added 2023/03/18 12:0 a.m. | 50 views

SUSE SLES15: docker / docker-bash-completion / docker-fish-completion / etc (SUSE-SU-2023:0795-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0795-1 advisory. Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/201023 Docker was...

CVSS 6.3 | AI score 6.8 | EPSS 0.00807 | Exploits 0 | References 5

GitHub Security Blog
added 2023/03/17 2:43 p.m. | 24 views

Authorization Bypass Through User-Controlled Key play-with-docker

Impact: Given that the CORS configuration was not correct, an attacker could, using play-with-docker.com as an example, set the Origin header in an HTTP request to evil-play-with-docker.com; it is echoed in the response header, which bypasses the CORS policy and retrieves basic user information. Patche...

CVSS 6.5 | AI score 6.3 | EPSS 0.00702 | Exploits 0 | References 4 | Affected Software 1

Kitploit
added 2023/03/17 11:30 a.m. | 46 views

Wifi_Db - Script To Parse Aircrack-ng Captures To A SQLite Database

Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes in 22000 hashcat format, MGT identities, interesting relations between APs, clients and their probes, WPS information and a global view of all the APs seen...

AI score 7.3 | Exploits 0 | References 7

OSV
added 2023/03/17 8:13 a.m. | 9 views

SUSE-SU-2023:0795-1 Security update for docker

This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/201023 Docker was updated to 20.10.21-ce bsc1206065 See upstream changelog at https://docs.docker.com/engine/release-notes/201021 Security...

CVSS 6.3 | AI score 6.6 | EPSS 0.00807 | Exploits 0 | References 4

NVD
added 2023/03/16 5:15 p.m. | 29 views

CVE-2023-28109

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVSS 6.5 | AI score 6.3 | EPSS 0.00702 | Exploits 0 | References 2

Prion
added 2023/03/16 5:15 p.m. | 12 views

Design/Logic Flaw

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVSS 4.3 | AI score 6.3 | EPSS 0.00702 | Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2023/03/16 4:49 p.m. | 9 views

CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVSS 6.5 | AI score 6.4 | EPSS 0.00702 | Exploits 0 | References 2

OSV
added 2023/03/16 4:49 p.m. | 12 views

CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVSS 6.5 | AI score 6.3 | EPSS 0.00702 | Exploits 0 | References 4

CVE
added 2023/03/16 4:49 p.m. | 57 views

CVE-2023-28109

Play With Docker (browser-based Docker playground) is affected by a CORS configuration vulnerability. Versions 0.0.2 and earlier allow domain hijacking: an attacker can craft requests with Origin header set to evil-play-with-docker.com, causing the server to echo header values in responses and by...

CVSS 6.5 | AI score 6.3 | EPSS 0.00702 | Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/03/16 4:49 p.m. | 39 views

CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVSS 6.5 | AI score 6.5 | EPSS 0.00702 | Exploits 0 | References 2