kraken Path Traversal Vulnerability
Uber Technologies kraken is a P2P-powered Docker registry from Uber Technologies. A path traversal vulnerability exists in kraken 0.1.4 and earlier versions, which stems from an arbitrary file read vulnerability via the component testfs...
ownCloud: Remote Code Execution on ownCloud instances with ImageMagick installed
A vulnerability in ownCloud instances with ImageMagick installed allowed attackers to execute arbitrary code on the system by uploading a specially crafted file and knowing the file path of a previously uploaded file. The vulnerability was due to the usage of ImageMagick for preview generation fo...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 Exploit Description In Spring Cloud Funct...
CVE-2023-22495
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...
Authentication flaw
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...
CVE-2023-22495 Izanami is vulnerable to Authorization Bypass
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...
CVE-2023-22495
CVE-2023-22495 affects Izanami, a shared configuration service for microservices. In versions prior to 1.11.0, an attacker could bypass authentication when running the official Docker image because a hard-coded secret signs the JWT token, enabling compromise of another Izanami instance. The vulne...
Izanami Trust Management Issue Vulnerability
Izanami is a shared configuration, feature flipping, and A/B testing server that is ideally suited for microservices architecture implementations. A security vulnerability exists in Izanami versions prior to 1.11.0 that stems from an attacker being able to bypass authentication in this applicatio...
PT-2023-18546 · Izanami · Izanami
Name of the Vulnerable Software and Affected Versions: Izanami versions prior to 1.11.0 Description: The issue allows attackers to bypass authentication in the application when deployed using the official Docker image. This is due to a hard-coded secret used to sign the authentication token JWT,...
Exploit for SQL Injection in Wordpress
SSI-CVE-2022-21661 Information System's Security 2nd Assignme...
[SECURITY] Fedora 37 Update: golang-github-docker-22.06.0~beta.0-7.fc37
Moby is an open-source project created by Docker to enable and accelerate software containerization. It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and...
[SECURITY] Fedora 37 Update: moby-engine-20.10.22-1.fc37
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...
Fedora: Security Advisory for moby-engine (FEDORA-2023-fde38dda12)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-docker (FEDORA-2023-6b9e2a6534)
The remote host is missing an update for the...
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security...
CVE-2023-22475 Cross-Site Scripting in Canarytoken history
Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute...
PT-2023-18527 · Unknown · Canarytokens
Name of the Vulnerable Software and Affected Versions: Canarytokens versions prior to sha-fb61290 Description: A Cross-Site Scripting issue was identified in the history page of triggered Canarytokens. An attacker who discovers an HTTP-based Canarytoken can execute Javascript in the Canarytoken's...