9273 matches found

OSV
added 2023/02/06 11:27 p.m. · 47 views

GHSA-8MJG-8C8G-6H85 Kubernetes Sensitive Information leak via Log File

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

CVSS 4.7 · AI score 5.4 · EPSS 0.00461
Exploits 0 · References 8
GitLab Advisory Database
added 2023/02/06 12:0 a.m. · 46 views

Insertion of Sensitive Information into Log File

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

CVSS 5.5 · AI score 3.5 · EPSS 0.00461
Exploits 0 · References 8 · Affected Software 1
NVD
added 2023/02/03 10:15 p.m. · 19 views

CVE-2023-22746

CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

CVSS 8.6 · AI score 8.7 · EPSS 0.00693
Exploits 0 · References 3
Vulnrichment
added 2023/02/03 9:7 p.m. · 6 views

CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images

CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

CVSS 8.6 · AI score 8.9 · EPSS 0.00693
Exploits 0 · References 3
Cvelist
added 2023/02/03 9:7 p.m. · 22 views

CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images

CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

CVSS 8.6 · AI score 8.9 · EPSS 0.00693
Exploits 0 · References 3
CVE
added 2023/02/03 9:7 p.m. · 58 views

CVE-2023-22746

CVE-2023-22746 affects CKAN Docker-based deployments where a default, shared secret key is used across multiple instances unless overridden in the container’s .env. The vulnerability allows forging authentication requests between CKAN instances when the default secret key is not customized. Affec...

CVSS 8.6 · AI score 7.9 · EPSS 0.00693
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/02/03 9:7 p.m. · 41 views

CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images

CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

CVSS 8.6 · AI score 7.5 · EPSS 0.00693
Exploits 0 · References 5
GithubExploit
added 2023/02/02 1:42 a.m. · 451 views

Exploit for Argument Injection in Atlassian Bitbucket

Atlassian-Bitbucket-Server-CVE-2022-36804 A critical command...

CVSS 8.8 · AI score 9.1 · EPSS 0.99174
Exploits 24
RedhatCVE
added 2023/02/01 9:37 a.m. · 39 views

CVE-2022-37708

A flaw was found in Docker, which is vulnerable to insecure permissions. This flaw allows unauthorized users outside the Docker container to access any files within the Docker container...

CVSS 6.8 · AI score 4.4
Exploits 1 · References 3
UbuntuCve
added 2023/01/31 10:15 p.m. · 24 views

CVE-2022-37708

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score 6.7
Exploits 1 · References 4
Spring Security Advisories
added 2023/01/31 12:0 a.m. · 19 views

This Week in Spring - January 31st, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm not going to spend too much time here in the preamble because a) today's both my birthday and my late father's birthday and b) I got the worst gift ever: COVID-19. Sigh. So, I'm going back to bed. Without further ado, let's...

Exploits 0
CNNVD
added 2023/01/31 12:0 a.m. · 2 views

Identifier withdrawn

Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container (lightweight virtual machine) and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrade of applications via...

AI score 6.9
Exploits 1 · References 5
Positive Technologies
added 2023/01/31 12:0 a.m. · 2 views

PT-2023-13549 · Docker · Docker

Name of the Vulnerable Software and Affected Versions: Docker version 20.10.15 Description: The issue allows unauthorized users outside the Docker container to access any files within the Docker container due to insecure permissions. Recommendations: For Docker version 20.10.15, consider...

CVSS 6.8 · AI score 6.5
Exploits 1 · References 8
Spring Security Advisories
added 2023/01/31 12:0 a.m. · 15 views

This Week in Spring - January 31st, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm not going to spend too much time here in the preamble because a) today's both my birthday and my late father's birthday and b) I got the worst gift ever: COVID-19. Sigh. So, I'm going back to bed. Without further ado, let's...

Exploits 0
Tenable Nessus
added 2023/01/28 12:0 a.m. · 2276 views

SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2023:0187-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0187-1 advisory. podman was updated to version 4.3.1: 4.3.1: Bugfixes - Fixed a deadlock between the podman ps and podman container...

CVSS 7.5 · AI score 6.5 · EPSS 0.02085
Exploits 3 · References 20
Prion
added 2023/01/27 9:15 p.m. · 20 views

Design/Logic Flaw

Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it...

CVSS 5 · AI score 5 · EPSS 0.00623
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/01/27 8:43 p.m. · 27 views

CVE-2022-39380 wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering

Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it...

CVSS 5.3 · AI score 5.2 · EPSS 0.00623
Exploits 0 · References 3
OpenVAS
added 2023/01/27 12:0 a.m. · 12 views

Ubuntu: Security Advisory (USN-4856-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 5.6 · EPSS 0.00406
Exploits 0 · References 2
0day.today
added 2023/01/25 12:0 a.m. · 1417 views

Cacti 1.2.22 Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.8 · AI score 10 · EPSS 0.99826
Exploits 48
Tenable Nessus
added 2023/01/25 12:0 a.m. · 53 views

Amazon Linux 2022 : containerd, containerd-stress (ALAS2022-2022-210)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-210 advisory. A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary...

CVSS 7.5 · AI score 7.3 · EPSS 0.27392
Exploits 4 · References 9