Lucene search
K

9260 matches found

The Hacker News
The Hacker News
added 2023/03/16 1:39 p.m.40 views

Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2023/03/16 12:0 a.m.7 views

Play With Docker 安全漏洞

Play With Docker is an easy, interactive and fun training ground for learning Docker. A security vulnerability exists in Play With Docker version 0.0.2 and prior versions that stems from incorrect CORS configuration...

6.5CVSS6.4AI score0.00702EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/16 12:0 a.m.8 views

PT-2023-21567 · Docker · Play With Docker

Name of the Vulnerable Software and Affected Versions: Play With Docker versions 0.0.2 and prior Description: Play With Docker is a browser-based Docker playground. The issue arises from incorrect CORS configuration, allowing an attacker to bypass the CORS policy by setting the origin header in a...

6.5CVSS6.3AI score0.00702EPSS
Exploits0References8
Gitee
Gitee
added 2023/03/15 10:55 a.m.3 views

vulhub21

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and systems. The primary purpose of this repository is to provide a platform for researchers and security professionals to learn...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/15 10:11 a.m.77 views

New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining

Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. "The novel Dero cryptojacking operation concentrates on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening ...

1AI score
Exploits0
Fedora
Fedora
added 2023/03/15 1:10 a.m.41 views

[SECURITY] Fedora 37 Update: manifest-tool-2.0.8-1.fc37

This tool was mainly created for the purpose of viewing, creating, and pushing the new manifests list object type in the Docker registry. Manifest lists are defined in the v2.2 image specification and exist mainly for the purpose of supporting multi-architecture and/or multi-platform images withi...

7.8CVSS7.7AI score0.017EPSS
Exploits1
Fedora
Fedora
added 2023/03/15 12:49 a.m.43 views

[SECURITY] Fedora 36 Update: manifest-tool-2.0.8-1.fc36

This tool was mainly created for the purpose of viewing, creating, and pushing the new manifests list object type in the Docker registry. Manifest lists are defined in the v2.2 image specification and exist mainly for the purpose of supporting multi-architecture and/or multi-platform images withi...

7.8CVSS7.7AI score0.017EPSS
Exploits1
OpenVAS
OpenVAS
added 2023/03/15 12:0 a.m.27 views

Fedora: Security Advisory for manifest-tool (FEDORA-2023-11dafed208)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1AI score
Exploits0References2
OpenVAS
OpenVAS
added 2023/03/15 12:0 a.m.24 views

Fedora: Security Advisory for manifest-tool (FEDORA-2023-a4baceec07)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS8.1AI score0.00542EPSS
Exploits1References2
OSV
OSV
added 2023/03/13 12:15 p.m.3 views

CVE-2023-0629

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...

7.1CVSS7AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2023/03/13 12:15 p.m.25 views

CVE-2023-0629

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...

7.1CVSS6.9AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2023/03/13 12:15 p.m.5 views

CVE-2023-0628

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...

7.8CVSS7.3AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2023/03/13 12:15 p.m.25 views

CVE-2023-0628

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...

7.8CVSS6.7AI score0.00265EPSS
Exploits0References1
Prion
Prion
added 2023/03/13 12:15 p.m.20 views

Design/Logic Flaw

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...

4.4CVSS7.7AI score0.00265EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/03/13 12:15 p.m.18 views

Design/Logic Flaw

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...

3.2CVSS6.9AI score0.00218EPSS
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2023/03/13 11:30 a.m.34 views

Graphicator - A GraphQL Enumeration And Extraction Tool

Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so it can re-create the supported queries. When such queries are created is using them to send request...

6.9AI score
Exploits0References1
CVE
CVE
added 2023/03/13 11:16 a.m.81 views

CVE-2023-0629

Summary: CVE-2023-0629 affects Docker Desktop prior to 4.17.0, where an unprivileged user can bypass Enhanced Container Isolation (ECI) by setting the Docker host to docker.raw.sock or npipe:////.pipe/docker_engine_linux (Windows) via -H/DOCKER_HOST, allowing containers to run with reduced harden...

7.1CVSS6.9AI score0.00218EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/13 11:16 a.m.23 views

CVE-2023-0629 Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...

7.1CVSS7.1AI score0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/13 11:16 a.m.9 views

CVE-2023-0629 Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...

7.1CVSS7AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/13 11:16 a.m.29 views

CVE-2023-0628 Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...

6.1CVSS8AI score0.00265EPSS
Exploits0References1
Rows per page
Query Builder