
9278 matches found

OSV
added 2022/06/17 1:11 a.m. | 25 views

GHSA-G63H-Q855-VP3Q Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users

Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message b...

CVSS 5.9 | AI score 5.1 | EPSS 0.00308
Exploits: 0 | References: 5
Github Security Blog
added 2022/06/17 1:11 a.m. | 87 views

Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users

Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message b...

CVSS 5.9 | AI score 5.1 | EPSS 0.00308
Exploits: 0 | References: 5 | Affected Software: 2
Tenable Nessus
added 2022/06/17 12:0 a.m. | 47 views

EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-1886)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container...

CVSS 7.8 | AI score 6.3 | EPSS 0.03236
Exploits: 7 | References: 6
OpenVAS
added 2022/06/17 12:0 a.m. | 26 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1886)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.8 | EPSS 0.03236
Exploits: 7 | References: 2
OpenVAS
added 2022/06/16 12:0 a.m. | 8 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1836)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.8 | EPSS 0.27392
Exploits: 4 | References: 2
NVD
added 2022/06/15 10:15 p.m. | 14 views

CVE-2022-30137

Executive Summary An Elevation of Privilege EOP vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this EOP vulnerability requires an attacker to gain remote code execution within a container. All Service Fabric and Docker versions are...

CVSS 6.7 | EPSS 0.01164
Exploits: 0 | References: 2
ATTACKERKB
added 2022/06/15 10:15 p.m. | 2 views

CVE-2022-30137

Executive Summary An Elevation of Privilege EOP vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this EOP vulnerability requires an attacker to gain remote code execution within a container. All Service Fabric and Docker versions are...

CVSS 6.7 | AI score 7.5 | EPSS 0.01164
Exploits: 0 | References: 3
Prion
added 2022/06/15 10:15 p.m. | 17 views

Remote code execution

Executive Summary An Elevation of Privilege EOP vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this EOP vulnerability requires an attacker to gain remote code execution within a container. All Service Fabric and Docker versions are...

CVSS 4.6 | AI score 7.2 | EPSS 0.01164
Exploits: 0 | References: 1
Tenable Nessus
added 2022/06/15 12:0 a.m. | 25 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1860)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1,...

CVSS 7.5 | AI score 7.5 | EPSS 0.27392
Exploits: 4 | References: 2
OpenVAS
added 2022/06/15 12:0 a.m. | 7 views

Fedora: Security Advisory for moby-engine (FEDORA-2022-cea20dae0b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
OpenVAS
added 2022/06/15 12:0 a.m. | 11 views

Fedora: Security Advisory for golang-github-docker-libnetwork (FEDORA-2022-cea20dae0b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
The Hacker News
added 2022/06/14 9:30 a.m. | 34 views

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs o...

AI score 1
Exploits: 0
Microsoft CVE
added 2022/06/14 7:0 a.m. | 33 views

Azure Service Fabric Container Elevation of Privilege Vulnerability

Executive Summary An Elevation of Privilege EOP vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this EOP vulnerability requires an attacker to gain remote code execution within a container. All Service Fabric and Docker versions are...

CVSS 6.7 | AI score 6.3 | EPSS 0.01164
Exploits: 0
Fedora
added 2022/06/14 1:47 a.m. | 22 views

[SECURITY] Fedora 36 Update: moby-engine-20.10.17-2.fc36

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

AI score 7.2
Exploits: 0
0day.today
added 2022/06/14 12:0 a.m. | 359 views

Sourcegraph Gitserver 3.36.3 - Remote Code Execution Exploit

Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remote code execution...

CVSS 8.8 | AI score 8.6 | EPSS 0.7431
Exploits: 8
OpenVAS
added 2022/06/14 12:0 a.m. | 21 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1825)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.8 | EPSS 0.27392
Exploits: 4 | References: 2
OpenVAS
added 2022/06/14 12:0 a.m. | 24 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1820)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.8 | EPSS 0.27392
Exploits: 4 | References: 2
OpenVAS
added 2022/06/14 12:0 a.m. | 9 views

Mageia: Security Advisory (MGASA-2022-0227)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 6 | EPSS 0.00377
Exploits: 0 | References: 4
ICS
added 2022/06/14 12:0 a.m. | 123 views

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403 Vulnerabilities: Multiple 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause crashes and unrestricted file access, impacting the...

CVSS 9.8 | AI score 8.3 | EPSS 0.88106
Exploits: 106 | References: 11
Exploit DB
added 2022/06/14 12:0 a.m. | 328 views

Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)

Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...

CVSS 8.8 | AI score 7 | EPSS 0.7431
Exploits: 8