
9278 matches found

Fedora
added 2022/09/15 1:57 a.m. · 40 views

[SECURITY] Fedora 36 Update: moby-engine-20.10.18-1.fc36

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

6.3 CVSS · 6.7 AI score · 0.00807 EPSS
Exploits: 0
Tenable Nessus
added 2022/09/15 12:0 a.m. · 30 views

RHEL 7 : docker (RHSA-2021:2144)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2144 advisory. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs...

8.5 CVSS · 7.5 AI score · 0.06604 EPSS
Exploits: 0 · References: 5
Gitee
added 2022/09/14 12:59 a.m. · 5 views

Exploit for SQL Injection in Zabbix

This is a comprehensive and well-structured vulnerability hub repository. Here's a concise analysis of the provided information: Classification: It is an offensive tool for various vulnerability exploitation and testing purposes. CVE IDs: The repository contains references to several CVE IDs,...

9.8 CVSS · 7.1 AI score · 0.83284 EPSS
Exploits: 28
Positive Technologies
added 2022/09/14 12:0 a.m. · 3 views

PT-2022-6457 · Docker +10 · Moby +10

Name of the Vulnerable Software and Affected Versions: containerd versions prior to 1.6.18 and 1.5.18; Moby Docker Engine versions prior to 20.10.18; CRI-O (affected versions not specified); Buildah (affected versions not specified); Podman (affected versions not specified). Description: A bug was found in...

9.8 CVSS · 6.8 AI score · 0.27392 EPSS
Exploits: 11 · References: 203
Tenable Nessus
added 2022/09/14 12:0 a.m. · 38 views

EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2022-2283)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version...

7.8 CVSS · 7.2 AI score · 0.00386 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2022/09/14 12:0 a.m. · 38 views

EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2022-2312)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version...

7.8 CVSS · 7.2 AI score · 0.00386 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2022/09/14 12:0 a.m. · 42 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-2311)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...

7.5 CVSS · 7.3 AI score · 0.02693 EPSS
Exploits: 3 · References: 4
OpenVAS
added 2022/09/14 12:0 a.m. · 33 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2311)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS · 7.2 AI score · 0.02693 EPSS
Exploits: 3 · References: 2
OpenVAS
added 2022/09/14 12:0 a.m. · 24 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2022-2312)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS · 7.9 AI score · 0.00386 EPSS
Exploits: 0 · References: 2
OpenVAS
added 2022/09/14 12:0 a.m. · 24 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2022-2283)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS · 7.9 AI score · 0.00386 EPSS
Exploits: 0 · References: 2
NVD
added 2022/09/13 7:15 p.m. · 27 views

CVE-2022-39206

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...

9.9 CVSS · 0.0165 EPSS
Exploits: 1 · References: 3
Prion
added 2022/09/13 7:15 p.m. · 15 views

Buffer overflow

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...

6.5 CVSS · 9.4 AI score · 0.0165 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2022/09/13 6:50 p.m. · 17 views

CVE-2022-39206 CI/CD Docker Escape in OneDev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...

9.9 CVSS · 8.9 AI score · 0.0165 EPSS
Exploits: 1 · References: 5
CVE
added 2022/09/13 6:50 p.m. · 69 views

CVE-2022-39206

CVE-2022-39206 affects OneDev. When using Docker-based job executors, the Docker socket (e.g., /var/run/docker.sock) is mounted into each Docker step, enabling users who can define/trigger CI/CD jobs to control the host daemon. This can allow regular (non-admin) users to break out of containers a...

9.9 CVSS · 9.6 AI score · 0.0165 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2022/09/13 6:50 p.m. · 23 views

CVE-2022-39206 CI/CD Docker Escape in OneDev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...

9.9 CVSS · 9.8 AI score · 0.0165 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2022/09/13 6:50 p.m. · 5 views

CVE-2022-39206 CI/CD Docker Escape in OneDev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...

9.9 CVSS · 9.7 AI score · 0.0165 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2022/09/13 12:0 a.m. · 6 views

PT-2022-24806 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0. Description: Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket is mounted into each Docker step, allowing users who can define and...

9.9 CVSS · 9.4 AI score · 0.0165 EPSS
Exploits: 1 · References: 6
CNNVD
added 2022/09/13 12:0 a.m. · 3 views

Theonedev Onedev Authorization Issue Vulnerability

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev An authorization issue...

9.9 CVSS · 8.3 AI score · 0.0165 EPSS
Exploits: 1 · References: 4
BDU FSTEC
added 2022/09/12 12:0 a.m. · 5 views

The vulnerability of the Docker Engine software, related to deficiencies in authentication mechanisms, allows a malicious actor to execute arbitrary code.

The vulnerability of the Docker Engine software relates to deficiencies in its authentication mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5 CVSS · 7 AI score · 0.00807 EPSS
Exploits: 0 · References: 6 · Affected Software: 2
Trend Micro Simply Security
added 2022/09/12 12:0 a.m. · 18 views

Security Breaks: TeamTNT’s DockerHub Credentials Leak

One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in...

2.2 AI score
Exploits: 0