2670 matches found
CVE-2020-14370
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into...
Information disclosure
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into...
CVE-2020-14370
CVE-2020-14370 is a Podman information-disclosure vulnerability where environment variables from the first container leak into subsequent containers when using Varlink or Docker-compatible REST API if multiple containers are created quickly. Connected docs indicate a later CVE-2022-2739 reference...
CVE-2020-14370
An information disclosure flaw was found in containers/podman. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container leak into subsequent containers. This flaw allows an...
Information Leakage
Firefox is vulnerable to information leakage. A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox...
Security update for singularity (important)
openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1100-1 Rating: important References: 1174148 1174150 1174152 Cross-References: CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes three...
UBUNTU-CVE-2020-25039
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution...
GHSA-V35C-49J6-Q8HQ Security Constraint Bypass in Spring Security
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...
Security Constraint Bypass in Spring Security
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...
IBM Spectrum Protect Information Disclosure Vulnerability (CNVD-2020-49927)
IBM Spectrum Protect, formerly known as Tivoli Storage Manager, is a suite of data protection platforms from IBM in the United States. The platform provides organizations with a single point of control and management, and supports backup and recovery for virtual, physical and cloud environments of...
Insecure Authorization
github.com/opencontainers/runc does not provide secure authorization. Users who have created their config.json objects and did not prefix a deny-all rule "allow": false, "permissions": "rwm" or equivalent were not provided protection by the devices cgroup. This would allow malicious containers wi...
August 11, 2020—KB4571746 (Security-only update)
August 11, 2020—KB4571746 Security-only update IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of...
RHEL 8 : python-paunch and openstack-tripleo-heat-templates (RHSA-2020:3410)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3410 advisory. Library and utility to launch and manage containers using YAML-based configuration data. openstack-tripleo-heat-templates is a collection of OpenStac...
Linux Container Enumeration
This module attempts to enumerate containers on the target machine and optionally run a command on each active container found. Currently it supports Docker, LXC and RKT. Module Options: msf > use post/linux/gather/enum_containers msf post(enum_containers) > show actions ...actions... msf post(enum_containe...
CVE-2020-8558
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally...
Design/Logic Flaw
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally...