2672 matches found

CVE
added 2023/12/08 8:8 p.m., 53 views

CVE-2023-48311

CVE-2023-48311 affects dockerspawner for JupyterHub deployments. Versions 0.11.0 through 12 (and up to 13 in some advisories) permit users to launch any pullable Docker image when DockerSpawner.allowed_images is not explicitly restricted, instead of only the configured image. Root cause: misconfi...

CVSS 8, AI score 5.8, EPSS 0.00633
Exploits 0, References 2, Affected Software 1

OSV
added 2023/12/08 8:8 p.m., 23 views

CVE-2023-48311 Any image allowed by default

dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowed_images configuration allow users to launch any pullable docker image, instead of restricting to...

CVSS 8, AI score 5.8, EPSS 0.00633
Exploits 0, References 4

0day.today
added 2023/12/07 12:0 a.m., 472 views

ownCloud Phpinfo Reader Exploit

Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...

CVSS 10, AI score 6.6, EPSS 0.78428
Exploits 5

RedHat Linux
added 2023/12/06 12:20 a.m., 41 views

Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 6.0.3 security update

An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...

CVSS 8.8, AI score 7, EPSS 0.99999
Exploits 19, References 5

Rockylinux
added 2023/11/28 10:43 p.m., 12 views

container-tools:rhel8 bug fix update

An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...

AI score 7.3
Exploits 0

RedHat Linux
added 2023/11/27 4:8 p.m., 22 views

Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 9.0.0 security update

The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update ...

CVSS 8.8, AI score 7, EPSS 0.11668
Exploits 2, References 54

RedHat Linux
added 2023/11/27 11:44 a.m., 7 views

Moderate: Red Hat Enhancement Advisory: OpenShift sandboxed containers 1.5.0 update

OpenShift sandboxed containers 1.5.0 is now available. OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers...

CVSS 7.8, AI score 6.6, EPSS 0.00542
Exploits 1, References 20

wpexploit
added 2023/11/27 12:0 a.m., 163 views

so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

Description The plugin does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites. 1. Create a multi-site wordpress setup, i.e. using docker-containers,...

CVSS 7.2, AI score 8.7, EPSS 0.01034
Exploits 2

Prion
added 2023/11/21 10:15 p.m., 23 views

Design/Logic Flaw

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVSS 5, AI score 6.4, EPSS 0.78428
Exploits 5, References 2, Affected Software 1

Vulnrichment
added 2023/11/21 12:0 a.m., 23 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

CVSS 10, AI score 6.6, EPSS 0.78428
Exploits 5, References 2

Fedora
added 2023/11/20 1:30 a.m., 33 views

[SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.5.0-1.fc38

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

CVSS 7.5, AI score 8.3, EPSS 0.03796
Exploits 0

Fedora
added 2023/11/20 12:51 a.m., 39 views

[SECURITY] Fedora 37 Update: prometheus-podman-exporter-1.5.0-1.fc37

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

CVSS 7.5, AI score 8.3, EPSS 0.03796
Exploits 0

OpenVAS
added 2023/11/20 12:0 a.m., 12 views

Fedora: Security Advisory (FEDORA-2023-b75ee820ce)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 8.2, EPSS 0.03796
Exploits 0, References 3

Oracle linux
added 2023/11/18 12:0 a.m., 405 views

container-tools:4.0 security and bug fix update

buildah 1:1.24.6-7 - rebuild for CVE-2023-29406 - Related: 2176055 1:1.24.6-6 - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: 2179943 - Resolves: 2187341 - Resolves:...

CVSS 9.8, AI score 8.4, EPSS 0.04561
Exploits 2

Github Security Blog
added 2023/11/16 9:30 a.m., 28 views

Apache Hadoop allows local user to gain root privileges

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

CVSS 7.5, AI score 7.4, EPSS 0.02089
Exploits 0, References 8, Affected Software 1

OSV
added 2023/11/16 9:30 a.m., 24 views

GHSA-94JH-J374-9R3J Apache Hadoop allows local user to gain root privileges

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

CVSS 7.7, AI score 7.7, EPSS 0.02089
Exploits 0, References 8

NVD
added 2023/11/16 9:15 a.m., 13 views

CVE-2023-26031

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

CVSS 7.5, EPSS 0.02089
Exploits 0, References 4

OSV
added 2023/11/16 9:15 a.m., 22 views

CVE-2023-26031

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

CVSS 7.5, AI score 7.7
Exploits 0, References 4

Cvelist
added 2023/11/16 8:15 a.m., 40 views

CVE-2023-26031 Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

AI score 7.9, EPSS 0.02089
Exploits 0, References 4

Vulnrichment
added 2023/11/16 8:15 a.m., 26 views

CVE-2023-26031 Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

AI score 7.7, EPSS 0.02089
Exploits 0, References 4