Lucene search
K

9267 matches found

Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.36 views

Improper Input Validation in Docker Engine

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAPNETRAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service...

6CVSS2.5AI score0.02839EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/02/15 1:57 a.m.23 views

GHSA-8FVR-5RQF-3WWH Information Exposure in Docker Engine

Docker Engine before 1.6.1 uses weak permissions for 1 /proc/asound, 2 /proc/timerstats, 3 /proc/latencystats, and 4 /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...

8.4CVSS7.3AI score0.00548EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/02/15 1:18 a.m.46 views

Symlink Attack in Libcontainer and Docker Engine

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image...

7.2CVSS7.9AI score0.00609EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/02/15 1:18 a.m.22 views

GHSA-G7V2-2QXX-WJRW Symlink Attack in Libcontainer and Docker Engine

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image...

7.2CVSS6.7AI score0.00609EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/02/15 12:41 a.m.77 views

Directory Traversal in Docker

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...

6.4CVSS8.1AI score0.02527EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/02/15 12:41 a.m.130 views

GHSA-QMMC-JPPF-32WV Directory Traversal in Docker

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...

6.5CVSS8.2AI score0.02527EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/02/15 12:41 a.m.57 views

Arbitrary Code Execution in Docker

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a 1 symlink or 2 hard link attack in an image archive in a a pull or b load operation...

7.5CVSS7.2AI score0.04909EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2022/02/15 12:41 a.m.28 views

GHSA-5QGP-P5JC-W2RM Arbitrary Code Execution in Docker

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a 1 symlink or 2 hard link attack in an image archive in a a pull or b load operation...

7.3CVSS8.4AI score0.04909EPSS
Exploits0References9
OSV
OSV
added 2022/02/15 12:40 a.m.27 views

GHSA-WXJ3-QWV4-CVFM Privilege Escalation in Docker

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

8.4CVSS8.2AI score0.00393EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/02/15 12:40 a.m.71 views

Privilege Escalation in Docker

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...

7.2CVSS6.4AI score0.00393EPSS
Exploits1References7Affected Software1
GithubExploit
GithubExploit
added 2022/02/15 12:0 a.m.648 views

Exploit for SQL Injection in Phpipam

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin u...

7.2CVSS7AI score0.25243EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2022/02/15 12:0 a.m.84 views

Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.5, or 2.x prior to 2.319.2.5. It is, therefore, affected by a multiple vulnerabilities, including the following: - Jenkins Docker Commons Plugin 1.17 and earlier does not...

9CVSS6.4AI score0.81842EPSS
Exploits0References25
CNVD
CNVD
added 2022/02/15 12:0 a.m.56 views

Portainer code issue vulnerability

A code issue vulnerability exists in Portainer Agent, a lightweight user management interface for managing Docker environments and Docker hosts, which stems from the product's failure to associate Portainer instances with past time. An attacker could exploit the vulnerability to cause the API...

9.8CVSS2.3AI score0.01619EPSS
Exploits0References1
Kitploit
Kitploit
added 2022/02/12 11:30 a.m.30 views

Cloudsploit - Cloud Security Posture Management (CSPM)

Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ npm install $ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ docker build . -t cloudsploit:0.0.1 $ docker run cloudsploit:0.0.1 -h $ docker run -...

7AI score
Exploits0References42
Github Security Blog
Github Security Blog
added 2022/02/11 11:27 p.m.205 views

containerd v1.2.x can be coerced into leaking credentials during image pull

Impact If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign layer”, the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 o...

6.1CVSS0.6AI score0.02209EPSS
Exploits1References9Affected Software1
Kitploit
Kitploit
added 2022/02/11 8:30 p.m.37 views

Dive - A Tool For Exploring Each Layer In A Docker Image

A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image. To analyze a Docker image simply run dive with an image tag/id/digest: dive or if you want to build your image then jump straight into analyzing it: dive build -t . Building on...

7.3AI score
Exploits0References4
GithubExploit
GithubExploit
added 2022/02/11 3:45 p.m.23 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

Apache Tomcat Deserialization Vulnerability CVE-2020-9484...

7CVSS6.6AI score0.56636EPSS
Exploits15
RedHat Linux
RedHat Linux
added 2022/02/10 6:11 a.m.4 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

8.8CVSS5.9AI score0.02277EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/02/10 12:30 a.m.7 views

org.apache.unomi:unomi-docker (>=1.5.0 <=1.5.1) potentially affected by CVE-2020-13942 via org.apache.unomi:unomi (>=1.5.0 <=1.5.1)

org.apache.unomi:unomi MAVEN version =1.5.0, =1.5.0, =1.5.1 Source cves: CVE-2020-13942 Source advisory: OSV:GHSA-XP5J-WJ4H-2JQ9...

9.8CVSS7.2AI score0.68398EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2022/02/10 12:0 a.m.53 views

RHEL 8 : OpenShift Container Platform 4.9.19 (RHSA-2022:0339)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0339 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

8.8CVSS6.9AI score0.02277EPSS
Exploits0References6
Rows per page
Query Builder