
9269 matches found

CNNVD
added 2023/01/20 12:0 a.m. · 4 views

kraken Path Traversal Vulnerability

Uber Technologies kraken is a P2P-powered Docker registry from Uber Technologies. A path traversal vulnerability exists in kraken 0.1.4 and earlier versions, which stems from an arbitrary file read vulnerability via the component testfs...

7.5 CVSS · 7.3 AI score · 0.00799 EPSS
Exploits 1 · References 2
Hacker One
added 2023/01/18 11:7 p.m. · 206 views

ownCloud: Remote Code Execution on ownCloud instances with ImageMagick installed

A vulnerability in ownCloud instances with ImageMagick installed allowed attackers to execute arbitrary code on the system by uploading a specially crafted file and knowing the file path of a previously uploaded file. The vulnerability was due to the usage of ImageMagick for preview generation fo...

7.9 AI score
Exploits 0
GithubExploit
added 2023/01/15 9:39 p.m. · 254 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 Exploit Description In Spring Cloud Funct...

9.8 CVSS · 9.7 AI score · 0.99939 EPSS
Exploits 36
NVD
added 2023/01/14 1:15 a.m. · 24 views

CVE-2023-22495

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...

9.8 CVSS · 9.6 AI score · 0.01147 EPSS
Exploits 1 · References 2
Prion
added 2023/01/14 1:15 a.m. · 16 views

Authentication flaw

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...

7.5 CVSS · 9.4 AI score · 0.01147 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2023/01/14 12:47 a.m. · 35 views

CVE-2023-22495 Izanami is vulnerable to Authorization Bypass

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...

9.8 CVSS · 9.7 AI score · 0.01147 EPSS
Exploits 1 · References 2
CVE
added 2023/01/14 12:47 a.m. · 67 views

CVE-2023-22495

CVE-2023-22495 affects Izanami, a shared configuration service for microservices. In versions prior to 1.11.0, an attacker could bypass authentication when running the official Docker image because a hard-coded secret signs the JWT token, enabling compromise of another Izanami instance. The vulne...

9.8 CVSS · 9.6 AI score · 0.01147 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2023/01/14 12:47 a.m. · 9 views

CVE-2023-22495 Izanami is vulnerable to Authorization Bypass

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...

9.8 CVSS · 9.8 AI score · 0.01147 EPSS
Exploits 1 · References 2
CNNVD
added 2023/01/14 12:0 a.m. · 2 views

Izanami Trust Management Issue Vulnerability

Izanami is a shared configuration, feature flipping, and A/B testing server that is ideally suited for microservices architecture implementations. A security vulnerability exists in Izanami versions prior to 1.11.0 that stems from an attacker being able to bypass authentication in this applicatio...

9.8 CVSS · 8.3 AI score · 0.01147 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/01/14 12:0 a.m. · 7 views

PT-2023-18546 · Izanami · Izanami

Name of the Vulnerable Software and Affected Versions: Izanami versions prior to 1.11.0 Description: The issue allows attackers to bypass authentication in the application when deployed using the official Docker image. This is due to a hard-coded secret used to sign the authentication token JWT,...

9.8 CVSS · 9.4 AI score · 0.01147 EPSS
Exploits 1 · References 4
GithubExploit
added 2023/01/13 1:31 p.m. · 360 views

Exploit for SQL Injection in Wordpress

SSI-CVE-2022-21661 Information System's Security 2nd Assignme...

8 CVSS · 8.2 AI score · 0.97795 EPSS
Exploits 14
Fedora
added 2023/01/11 1:22 a.m. · 25 views

[SECURITY] Fedora 37 Update: golang-github-docker-22.06.0~beta.0-7.fc37

Moby is an open-source project created by Docker to enable and accelerate software containerization. It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and...

9.8 CVSS · 6.7 AI score · 0.44708 EPSS
Exploits 0
Fedora
added 2023/01/11 1:22 a.m. · 37 views

[SECURITY] Fedora 37 Update: moby-engine-20.10.22-1.fc37

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

7.5 CVSS · 6.5 AI score · 0.08519 EPSS
Exploits 0
OpenVAS
added 2023/01/11 12:0 a.m. · 35 views

Fedora: Security Advisory for moby-engine (FEDORA-2023-fde38dda12)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7 AI score
Exploits 0 · References 2
OpenVAS
added 2023/01/11 12:0 a.m. · 17 views

Fedora: Security Advisory for golang-github-docker (FEDORA-2023-6b9e2a6534)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS · 9.7 AI score · 0.44708 EPSS
Exploits 0 · References 2
The Hacker News
added 2023/01/09 2:3 p.m. · 42 views

Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security...

1.2 AI score
Exploits 0
The Hacker News
added 2023/01/09 2:3 p.m. · 3 views

Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security...

8.5 AI score
Exploits 0
Cvelist
added 2023/01/06 2:31 p.m. · 25 views

CVE-2023-22475 Cross-Site Scripting in Canarytoken history

Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute...

6.3 CVSS · 6.2 AI score · 0.0052 EPSS
Exploits 0 · References 3
OSV
added 2023/01/06 2:31 p.m. · 22 views

CVE-2023-22475 Cross-Site Scripting in Canarytoken history

Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute...

6.3 CVSS · 5.7 AI score · 0.0052 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/01/06 12:0 a.m. · 4 views

PT-2023-18527 · Unknown · Canarytokens

Name of the Vulnerable Software and Affected Versions: Canarytokens versions prior to sha-fb61290 Description: A Cross-Site Scripting issue was identified in the history page of triggered Canarytokens. An attacker who discovers an HTTP-based Canarytoken can execute Javascript in the Canarytoken's...

6.3 CVSS · 6 AI score · 0.0052 EPSS
Exploits 0 · References 7