9270 matches found

Kitploit
added 2022/11/17 11:30 a.m. · 32 views

nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services

nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...

7.5 AI score
Exploits 0 · References 6
Tenable Nessus
added 2022/11/17 12:0 a.m. · 28 views

SUSE SLES12 Security Update : python-Werkzeug (SUSE-SU-2022:3977-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3977-1 advisory. - CVE-2019-14806: Fixed insufficient debugger PIN randomness when running the development server in Docker containers bsc1145383. Tenable ha...

7.5 CVSS · 6.9 AI score · 0.02288 EPSS
Exploits 0 · References 4
OSV
added 2022/11/16 12:0 p.m. · 13 views

GHSA-V535-PC6R-77QH Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin

CloudBees Docker Hub/Registry Notification Plugin provides several webhook endpoints that can be used to trigger builds when Docker images used by a job have been rebuilt. In CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier, these endpoints can be accessed without authenticatio...

5.3 CVSS · 7.8 AI score · 0.00566 EPSS
Exploits 0 · References 5
Github Security Blog
added 2022/11/16 12:0 p.m. · 57 views

Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin

CloudBees Docker Hub/Registry Notification Plugin provides several webhook endpoints that can be used to trigger builds when Docker images used by a job have been rebuilt. In CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier, these endpoints can be accessed without authenticatio...

7.5 CVSS · 7.9 AI score · 0.00566 EPSS
Exploits 0 · References 5 · Affected Software 1
Tenable Nessus
added 2022/11/16 12:0 a.m. · 48 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following: - CVE-2022-38751 on snakeyaml fixed train 2.346.x.0.z BEE-237...

9.8 CVSS · 8 AI score · 0.34819 EPSS
Exploits 3 · References 26
OSV
added 2022/11/15 8:15 p.m. · 2 views

CVE-2022-45385

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2
Prion
added 2022/11/15 8:15 p.m. · 14 views

Design/Logic Flaw

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

5 CVSS · 7.5 AI score · 0.00566 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/11/15 8:6 a.m. · 5 views

SUSE-SU-2022:3977-1 Security update for python-Werkzeug

This update for python-Werkzeug fixes the following issues: - CVE-2019-14806: Fixed insufficient debugger PIN randomness when running the development server in Docker containers bsc1145383...

7.5 CVSS · 7.4 AI score · 0.02288 EPSS
Exploits 0 · References 3
Cvelist
added 2022/11/15 12:0 a.m. · 30 views

CVE-2022-45385

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

7.8 AI score · 0.00566 EPSS
Exploits 0 · References 2
CNNVD
added 2022/11/15 12:0 a.m. · 3 views

Jenkins Plugin CloudBees Docker Hub/Registry Notification security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin CloudBees...

7.5 CVSS · 7.4 AI score · 0.00566 EPSS
Exploits 0 · References 6
Vulnrichment
added 2022/11/15 12:0 a.m. · 4 views

CVE-2022-45385

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

6.7 AI score · 0.00566 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2022/11/15 12:0 a.m. · 40 views

NewStart CGSL MAIN 6.02 : docker-ce Vulnerability (NS-SA-2022-0095)

The remote NewStart CGSL host, running version MAIN 6.02, has docker-ce packages installed that are affected by a vulnerability: - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for...

6 CVSS · 7.5 AI score · 0.01663 EPSS
Exploits 1 · References 3
AlmaLinux
added 2022/11/15 12:0 a.m. · 63 views

Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5 CVSS · 8 AI score · 0.03931 EPSS
Exploits 6 · References 16
Positive Technologies
added 2022/11/15 12:0 a.m. · 4 views

PT-2022-27487 · Cloudbees +1 · Jenkins Cloudbees Docker Hub/Registry Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees Docker Hub/Registry Notification Plugin versions 2.6.2 and earlier Description: A missing permission check in the Jenkins CloudBees Docker Hub/Registry Notification Plugin allows unauthenticated attackers to trigger builds o...

7.5 CVSS · 7.7 AI score · 0.00566 EPSS
Exploits 0 · References 7
CVE
added 2022/11/15 12:0 a.m. · 278 views

CVE-2022-45385

CVE-2022-45385 concerns a missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin (versions 2.6.2 and earlier). The flaw allows unauthenticated users to trigger builds for attacker-specified repositories via webhook endpoints. Multiple connected advisories confirm th...

7.5 CVSS · 7.6 AI score · 0.00566 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2022/11/14 5:15 p.m. · 25 views

CVE-2022-0324

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp...

8.1 CVSS · 0.01108 EPSS
Exploits 0 · References 2
Prion
added 2022/11/14 5:15 p.m. · 16 views

Out-of-bounds

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp...

5 CVSS · 7.8 AI score · 0.01108 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/11/14 4:8 p.m. · 23 views

CVE-2022-0324 Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp...

8.1 CVSS · 8.6 AI score · 0.01108 EPSS
Exploits 0 · References 2
CVE
added 2022/11/14 4:8 p.m. · 56 views

CVE-2022-0324

CVE-2022-0324 describes a buffer overflow in the DHCPv6 packet parsing code within dhcp6relay. The connected documents specify that a remote attacker could craft a DHCPv6 packet to trigger an out-of-bounds memcpy write, causing dhcp6relay to crash and potentially shutdown the related DHCP relay d...

8.1 CVSS · 8 AI score · 0.01108 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/11/11 12:3 a.m. · 45 views

GHSA-VP35-85Q5-9F25 Container build can leak any path on the host into the container

Description Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime formerly Docker EE, and Docker Desktop. Moby allows for building container images using a set of build...

7.5 AI score
Exploits 0 · References 5