Lucene search

9272 matches found

OpenVAS
added 2022/11/04 12:0 a.m., 21 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2707)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 7.9 AI score, 0.00386 EPSS
Exploits 0, References 2
OpenVAS
added 2022/11/04 12:0 a.m., 10 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2706)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 6.4 AI score, 0.02085 EPSS
Exploits 0, References 2
Tenable Nessus
added 2022/11/04 12:0 a.m., 39 views

EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-2707)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to versi...

7.8 CVSS, 7.2 AI score, 0.00386 EPSS
Exploits 0, References 2
Tenable Nessus
added 2022/11/04 12:0 a.m., 30 views

EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-2706)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distributi...

5 CVSS, 6.9 AI score, 0.02085 EPSS
Exploits 0, References 2
Kitploit
added 2022/11/01 11:30 a.m., 50 views

Cicd-Goat - A Deliberately Vulnerable CI/CD Environment

Deliberately vulnerable CI/CD environment. Hack CI/CD pipelines, capture the flags. Created by Cider Security. Description The CI/CD Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 10 challenges, enacted against a real, full blown CI/...

7.4 AI score
Exploits 0, References 6
Trellix
added 2022/11/01 12:0 a.m., 149 views

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix, Charles McFarland, Sam Quinn · November 1, 2022 This story was also written by Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that were fix...

8.1 AI score, 0.91153 EPSS
Exploits 7
Trellix
added 2022/11/01 12:0 a.m., 44 views

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602 By Trellix and Sam Quinn · November 1, 2022 This story was also written by Charles McFarland and Philippe Laulheret. What is it? CVE-2022-3786 and CVE-2022-3602 are buffer overflow vulnerabilities affecting OpenSSL 3.0 and above that we...

7.5 CVSS, 8.1 AI score, 0.91153 EPSS
Exploits 7
Kitploit
added 2022/10/31 11:30 a.m., 48 views

Reverse_SSH - SSH Based Reverse Shell

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trus...

8.1 AI score
Exploits 0, References 3
OpenVAS
added 2022/10/31 12:0 a.m., 16 views

Fedora: Security Advisory for golang-github-distribution-3 (FEDORA-2022-739c7a0058)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 8.9 AI score, 0.05994 EPSS
Exploits 3, References 2
OpenVAS
added 2022/10/31 12:0 a.m., 10 views

Fedora: Security Advisory for golang-github-distribution-3 (FEDORA-2022-13ad572b5a)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 8.9 AI score, 0.05994 EPSS
Exploits 3, References 2
Fedora
added 2022/10/30 9:0 p.m., 32 views

[SECURITY] Fedora 36 Update: golang-github-distribution-3-3.0.0-0.1.pre1.20221009git0122d7d.fc36

The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and performance...

9.3 CVSS, 8.9 AI score, 0.05994 EPSS
Exploits 4
Fedora
added 2022/10/30 9:0 p.m., 24 views

[SECURITY] Fedora 35 Update: golang-github-distribution-3-3.0.0-0.1.pre1.20221009git0122d7d.fc35

The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and performance...

9.3 CVSS, 8.9 AI score, 0.05994 EPSS
Exploits 4
IBM Security Bulletins
added 2022/10/27 6:15 p.m., 53 views

Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-34903 DESCRIPTION: GnuPG could allow a remote attacker to conduct spoofing attacks, caused by a flaw when processing secret-key information from keyring. By sending a...

7.6 CVSS, 8 AI score, 0.07017 EPSS
Exploits 2, Affected Software 1
The Hacker News
added 2022/10/27 7:55 a.m., 73 views

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure...

0.6 AI score
Exploits 0
HackRead
added 2022/10/26 8:0 a.m., 21 views

New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes

By Deeba Ahmed The Austin, Texas-based American cybersecurity technology CrowdStrike has discovered a brand-new cryptojacking campaign in which attackers are targeting… This is a post from HackRead.com Read the original post: New Cryptojacking Campaign Kiss-a-dog Targeting Docker and Kubernetes...

4.3 AI score
Exploits 0
OSV
added 2022/10/25 7:54 p.m., 24 views

GHSA-2C6M-6GQH-6QG3 Docker Command Escaping in the GitHub Actions Runner

Impact The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered that allows an input to escape the environment variable and modify th...

8.8 CVSS, 9.5 AI score, 0.01474 EPSS
Exploits 0, References 5
Github Security Blog
added 2022/10/25 7:54 p.m., 34 views

Docker Command Escaping in the GitHub Actions Runner

Impact The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered that allows an input to escape the environment variable and modify th...

9.9 CVSS, 9.3 AI score, 0.01474 EPSS
Exploits 0, References 5, Affected Software 1
Prion
added 2022/10/25 5:15 p.m., 21 views

Command injection

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

6.5 CVSS, 9.6 AI score, 0.01474 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2022/10/25 12:0 a.m., 38 views

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

8.8 CVSS, 9.1 AI score, 0.01474 EPSS
Exploits 0, References 5
CNNVD
added 2022/10/25 12:0 a.m., 4 views

GitHub Actions Runner OS Command Injection Vulnerability

GitHub Actions Runner is an application that runs jobs from a GitHub Actions workflow. A security vulnerability exists in GitHub Actions Runner that stems from the presence of a logic error that allows input to escape an environment variable and directly modify that docker command call, Jobs that...

9.9 CVSS, 8.1 AI score, 0.01474 EPSS
Exploits 0, References 4