
9260 matches found

GithubExploit
added 2021/12/10 11:19 p.m. | 874 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-...

CVSS: 10 | AI score: 8.9 | EPSS: 0.99999
Exploits: 347

Mageia
added 2021/12/10 10:19 p.m. | 51 views

Updated opencontainers-runc packages fix security vulnerability

It was discovered that there was an overflow issue in runc, the runtime for the Open Container Project, often used with Docker. The Netlink 'bytemsg' length field could have allowed an attacker to override Netlink-based container configurations. This vulnerability required the attacker to have so...

CVSS: 6 | AI score: 3 | EPSS: 0.01663
Exploits: 1 | References: 2

OSV
added 2021/12/10 10:19 p.m. | 7 views

MGASA-2021-0553 Updated opencontainers-runc packages fix security vulnerability

It was discovered that there was an overflow issue in runc, the runtime for the Open Container Project, often used with Docker. The Netlink 'bytemsg' length field could have allowed an attacker to override Netlink-based container configurations. This vulnerability required the attacker to have so...

CVSS: 6 | AI score: 6.2 | EPSS: 0.01663
Exploits: 1 | References: 3

IBM Security Bulletins
added 2021/12/10 6:57 p.m. | 65 views

Security Bulletin: Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus

Summary Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX such as directory traversal, execution of arbitrary commands, obtaining sensitive information, elevated privileges, bypassing security restrictions, and denial of service, may affect IBM Spectrum Protect Plus. Vulnerability...

CVSS: 8.3 | AI score: 8.6 | EPSS: 0.78684
Exploits: 44 | Affected Software: 1

BDU FSTEC
added 2021/12/07 12:0 a.m. | 7 views

The vulnerability of the Docker Desktop for Windows platform, related to the improper assignment of permissions to the docker-credential-wincred.exe file, allows a malicious individual to escalate their privileges.

The vulnerability of the Docker Desktop for Windows platform, which is used for developing and delivering container applications, is related to the incorrect assignment of permissions for the file docker-credential-wincred.exe in the %PROGRAMDATA%\DockerDesktop\version-bin directory. Exploiting...

CVSS: 9.3 | AI score: 7.1 | EPSS: 0.29628
Exploits: 5 | References: 6 | Affected Software: 3

OpenVAS
added 2021/12/07 12:0 a.m. | 13 views

Debian: Security Advisory (DLA-2841-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 6 | AI score: 6.4 | EPSS: 0.01663
Exploits: 1 | References: 3

Hacker One
added 2021/12/05 4:6 p.m. | 106 views

GitLab: Installing Gitlab runner with Docker-In-Docker allows root access

Summary Installing a Gitlab runner using official documents: https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-socket-binding allows any user with access to Gitlab CI to have root access on Gitlab Runner server. Steps to reproduce Install Gitlab-runner binary using official...

AI score: 0.1
Exploits: 0

Fedora
added 2021/12/05 1:40 a.m. | 46 views

[SECURITY] Fedora 34 Update: skopeo-1.5.2-1.fc34

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

AI score: 2.6 | EPSS: 0.02085
Exploits: 0

Fedora
added 2021/12/05 1:7 a.m. | 43 views

[SECURITY] Fedora 35 Update: skopeo-1.5.2-1.fc35

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

AI score: 2.6 | EPSS: 0.02085
Exploits: 0

OpenVAS
added 2021/12/05 12:0 a.m. | 10 views

Fedora: Security Advisory for skopeo (FEDORA-2021-aacef7fa15)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5 | AI score: 6.5 | EPSS: 0.02085
Exploits: 0 | References: 2

OpenVAS
added 2021/12/05 12:0 a.m. | 16 views

Fedora: Security Advisory for skopeo (FEDORA-2021-3dda301691)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5 | AI score: 6.5 | EPSS: 0.02085
Exploits: 0 | References: 2

OpenVAS
added 2021/12/04 12:0 a.m. | 16 views

Fedora: Security Advisory for moby-engine (FEDORA-2021-eb2742b148)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5 | AI score: 6.5 | EPSS: 0.02085
Exploits: 0 | References: 2

Github Security Blog
added 2021/12/02 5:51 p.m. | 41 views

OS Command injection in docker-cli-js

Withdrawn After reviewing this CVE, and this response from the maintainer, we have withdrawn this advisory. Original CVE description This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will ...

CVSS: 9.3 | AI score: 4.8 | EPSS: 0.01824
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2021/12/02 5:51 p.m. | 3 views

GHSA-FF45-7PRW-58VJ OS Command injection in docker-cli-js

Withdrawn After reviewing this CVE, and this response from the maintainer, we have withdrawn this advisory. Original CVE description This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will ...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.01824
Exploits: 1 | References: 5

Mageia
added 2021/12/02 4:49 p.m. | 303 views

Updated docker-containerd packages fix security vulnerability

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

CVSS: 5 | AI score: 1.6 | EPSS: 0.02085
Exploits: 0 | References: 2

Fedora
added 2021/12/01 1:21 a.m. | 47 views

[SECURITY] Fedora 35 Update: moby-engine-20.10.11-1.fc35

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

CVSS: 5 | AI score: 5.5 | EPSS: 0.02085
Exploits: 0

Fedora
added 2021/12/01 1:14 a.m. | 32 views

[SECURITY] Fedora 34 Update: moby-engine-20.10.11-1.fc34

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

CVSS: 5 | AI score: 5.5 | EPSS: 0.02085
Exploits: 0

Trend Micro Simply Security
added 2021/12/01 12:0 a.m. | 7 views

Analyzing How TeamTNT Used Compromised Docker Hub Accounts

Following our previous disclosure of compromised Docker hub accounts delivering cryptocurrency miners, we analyze these accounts and discover more malicious actions that you need to be aware of...

AI score: 3.6
Exploits: 0

GithubExploit
added 2021/11/25 12:47 p.m. | 618 views

Exploit for Code Injection in Gitlab

Golang-CVE-2021-22205-POC A bare bones CVE-2021-22205 Gitlab R...

CVSS: 10 | AI score: 9.2 | EPSS: 0.99981
Exploits: 57

Huntr
added 2021/11/24 1:39 p.m. | 10 views

Cross-site Scripting (XSS) - Stored in leantime/leantime

Description I found Stored XSS in the title of the content. Proof of Concept Step 1. First of all, build the environment with Docker and create an administrator user. 2. Next, create a new "To -DO" from "Project Dashboard" in the left menu. 3. Next, create an account for the role of "Team Member"...

AI score: 6.4
Exploits: 0 | References: 1