9264 matches found

Kitploit
added 2022/01/22 11:30 a.m., 121 views

Pwndora - Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes, Create Your Own IoT Search Engine At Home

Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open and collects more information about targets; each result is stored in Elasticsearch. You can integrate with Kibana to be able to visualize and manipulate dat...

6.9 AI score
Exploits: 0, References: 5
Tenable Nessus
added 2022/01/21 12:0 a.m., 10 views

Dockerfile Detected

Docker is one of the most popular platforms using virtualization at the operating system level to deliver software in packages called containers. To take advantage of cloud-based infrastructures, developers often build their applications on top of the microservices architecture pattern with one or...

7.3 AI score
Exploits: 0, References: 2
Amazon
added 2022/01/20 12:0 a.m., 44 views

Important: runc

Issue Overview: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. CVE-2019-16884 A flaw was...

7.5 CVSS, 6.7 AI score, 0.04409 EPSS
Exploits: 1
NVD
added 2022/01/19 6:15 a.m., 10 views

CVE-2021-31821

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...

5.5 CVSS, 0.00185 EPSS
Exploits: 0, References: 1
OSV
added 2022/01/19 6:15 a.m., 12 views

CVE-2021-31821

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...

5.5 CVSS, 7.1 AI score
Exploits: 0, References: 1
Prion
added 2022/01/19 6:15 a.m., 18 views

Design/Logic Flaw

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...

2.1 CVSS, 5.6 AI score, 0.00185 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2022/01/19 5:25 a.m., 101 views

CVE-2021-31821

CVE-2021-31821 affects the Windows Tentacle docker image; on startup it logs commands and arguments, exposing the Octopus Server API key in plaintext. Linux Docker image is not affected. CVSS data indicate Confidentiality Impact HIGH (3.1; base 5.5) and Local, Low complexity access. No remediatio...

5.5 CVSS, 5.5 AI score, 0.00185 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2022/01/19 5:25 a.m., 14 views

CVE-2021-31821

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...

5.8 AI score, 0.00185 EPSS
Exploits: 0, References: 1
CNNVD
added 2022/01/19 12:0 a.m., 4 views

Octopus Server Information Disclosure Vulnerability

Octopus Server is an automated deployment platform. An information disclosure vulnerability exists in Octopus Server that stems from the fact that when a Windows Tentacle docker image is started, it logs all the commands that it runs as well as the parameters that are written in plaintext to the...

5.5 CVSS, 5.8 AI score, 0.00185 EPSS
Exploits: 0, References: 2
Kitploit
added 2022/01/18 11:30 a.m., 13 views

Driftwood - Private Key Usage Verification

Driftwood is a tool that can enable you to look up whether a private key is used for things like TLS or as a GitHub SSH key for a user. Driftwood performs lookups with the computed public key, so the private key never leaves where you run the tool. Additionally it supports some basic password...

7.5 AI score
Exploits: 0, References: 2
GithubExploit
added 2022/01/18 12:9 a.m., 485 views

Exploit for Classic Buffer Overflow in Ipuptime Pinkie

Introduction: This repository is set up to quickly test the log...

7.5 CVSS, 7.8 AI score, 0.0293 EPSS
Exploits: 1
Huntr
added 2022/01/13 4:39 a.m., 19 views

Improper Input Validation in chatwoot/chatwoot

Description This vulnerability impacts all fields sent to Chatwoot. Any field that has an excessive amount of characters in it will cause the agent's page to take an abnormal amount of time to load, often requiring the content to be removed before the page will load. In my example, I put 20000000...

0.4 AI score
Exploits: 0
vulnersOsv
added 2022/01/13 12:1 a.m., 5 views

com.groupon.jenkins-ci.plugins:DotCi (>=1.1.1 <=2.36.2), com.groupon.jenkins-ci.plugins:DotCi-DockerPublish (>=1.0.0 <=1.0.3) +10 more potentially affected by CVE-2022-20615 via org.jenkins-ci.plugins:matrix-project (=1.2)

org.jenkins-ci.plugins:matrix-project MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:matrix-project and may be impacted: - com.groupon.jenkins-ci.plugins:DotCi =1.1.1, =1.0.0, =1.0.1, =1.1.3, =1.1.0, =1.0.0,...

5.4 CVSS, 6.6 AI score, 0.81842 EPSS
Exploits: 0
vulnersOsv
added 2022/01/13 12:1 a.m., 5 views

com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +39 more potentially affected by CVE-2022-20616 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.24)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2022-20616 Source advisory: OSV:GHSA-GQM2-2GCX-P88W...

4.3 CVSS, 5.8 AI score, 0.00852 EPSS
Exploits: 0
vulnersOsv
added 2022/01/13 12:1 a.m., 5 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.cloudbees.jenkins.plugins:docker-custom-build-environment (>=1.2 <=1.7.3) +14 more potentially affected by CVE-2022-20617 via org.jenkins-ci.plugins:docker-commons (>=1.0 <=1.15)

org.jenkins-ci.plugins:docker-commons MAVEN version =1.0, =1.9.2-beta, =1.2, =1.0.43, =3.0.0, =1.0, =1.26, =1.0, =1.0, =1.0, =0.2, =0.1.5, =0.2.3 and more Source cves: CVE-2022-20617 Source advisory: OSV:GHSA-JPXJ-VGQ5-PRJC...

8.8 CVSS, 7.2 AI score, 0.02277 EPSS
Exploits: 0
Github Security Blog
added 2022/01/13 12:1 a.m., 32 views

OS command execution vulnerability in Jenkins Docker Commons Plugin

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

8.8 CVSS, 8.3 AI score, 0.02277 EPSS
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2022/01/13 12:1 a.m., 2 views

GHSA-JPXJ-VGQ5-PRJC OS command execution vulnerability in Jenkins Docker Commons Plugin

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

8.8 CVSS, 7.4 AI score, 0.02277 EPSS
Exploits: 0, References: 6
OSV
added 2022/01/12 9:45 p.m., 13 views

GHSA-2W8G-M5J8-7M87 Zalgo-like output that crashes the server

Impact What kind of vulnerability is it? Who is impacted? colors package caused zalgo-like output see https://github.com/soketi/soketi/issues/276, https://github.com/Marak/colors.js/issues/289, breaking the servers. Only NPM users that recently upgraded or installed the NPM package are affected...

6.9 AI score
Exploits: 0, References: 1
Github Security Blog
added 2022/01/12 9:45 p.m., 15 views

Zalgo-like output that crashes the server

Impact What kind of vulnerability is it? Who is impacted? colors package caused zalgo-like output see https://github.com/soketi/soketi/issues/276, https://github.com/Marak/colors.js/issues/289, breaking the servers. Only NPM users that recently upgraded or installed the NPM package are affected...

0.7 AI score
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2022/01/12 8:15 p.m., 10 views

CVE-2021-45449

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information access token or password on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would...

5.5 CVSS, 0.00412 EPSS
Exploits: 0, References: 1