9270 matches found
nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services
nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...
SUSE SLES12 Security Update : python-Werkzeug (SUSE-SU-2022:3977-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3977-1 advisory. - CVE-2019-14806: Fixed insufficient debugger PIN randomness when running the development server in Docker containers bsc1145383. Tenable ha...
GHSA-V535-PC6R-77QH Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
CloudBees Docker Hub/Registry Notification Plugin provides several webhook endpoints that can be used to trigger builds when Docker images used by a job have been rebuilt. In CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier, these endpoints can be accessed without authenticatio...
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
CloudBees Docker Hub/Registry Notification Plugin provides several webhook endpoints that can be used to trigger builds when Docker images used by a job have been rebuilt. In CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier, these endpoints can be accessed without authenticatio...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following: - CVE-2022-38751 on snakeyaml fixed train 2.346.x.0.z BEE-237...
CVE-2022-45385
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...
Design/Logic Flaw
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...
SUSE-SU-2022:3977-1 Security update for python-Werkzeug
This update for python-Werkzeug fixes the following issues: - CVE-2019-14806: Fixed insufficient debugger PIN randomness when running the development server in Docker containers bsc1145383...
CVE-2022-45385
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...
Jenkins Plugin CloudBees Docker Hub/Registry Notification 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin CloudBees...
CVE-2022-45385
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...
NewStart CGSL MAIN 6.02 : docker-ce Vulnerability (NS-SA-2022-0095)
The remote NewStart CGSL host, running version MAIN 6.02, has docker-ce packages installed that are affected by a vulnerability: - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for...
Moderate: buildah security and bug fix update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
PT-2022-27487 · Cloudbees +1 · Jenkins Cloudbees Docker Hub/Registry Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees Docker Hub/Registry Notification Plugin versions 2.6.2 and earlier Description: A missing permission check in the Jenkins CloudBees Docker Hub/Registry Notification Plugin allows unauthenticated attackers to trigger builds o...
CVE-2022-45385
CVE-2022-45385 concerns a missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin (versions 2.6.2 and earlier). The flaw allows unauthenticated users to trigger builds for attacker-specified repositories via webhook endpoints. Multiple connected advisories confirm th...
CVE-2022-0324
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp...
Out-of-bounds
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp...
CVE-2022-0324 Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp...
CVE-2022-0324
CVE-2022-0324 describes a buffer overflow in the DHCPv6 packet parsing code within dhcp6relay. The connected documents specify that a remote attacker could craft a DHCPv6 packet to trigger an out-of-bounds memcpy write, causing dhcp6relay to crash and potentially shutdown the related DHCP relay d...
GHSA-VP35-85Q5-9F25 Container build can leak any path on the host into the container
Description Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime formerly Docker EE, and Docker Desktop. Moby allows for building container images using a set of build...