2478 matches found
Docker Desktop 命令注入漏洞
Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
PT-2023-2062 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.17.0 Description: The issue allows an attacker to execute arbitrary commands inside a Dev Environments container during initialization. This can be achieved by tricking a user into opening a crafted maliciou...
What Tech Companies Should Look For in Cloud Security
The cloud's computing power and flexibility unlocks unprecedented speed and efficiency—a tech company's two best friends. But with that speed and efficiency comes new environments and touchpoints in an organization's footprint. That expanding attack surface brings along with it an expanding range...
USN-5917-1: Linux kernel vulnerabilities
It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...
Hackers Exploit Containerized Environments to Steal Proprietary Data and Software
A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...
Hackers Exploit Containerized Environments to Steal Proprietary Data and Software
A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...
LAPS : Randomizing Local Admin Passwords in Non-persistent Environments
Use LAPS inLocal Admin Passwords for Non-persistent Environments...
Spring Cloud Function for Azure Function
What is the Spring Cloud Function? Spring Cloud Function is a SpringBoot-based framework allowing users to concentrate on their business logic by implementing them as Java Functions i.e., Supplier, Function, Consumer. In turn the framework provides necessary abstraction to enable execution of the...
[SECURITY] Fedora 36 Update: apptainer-1.1.6-1.fc36
Apptainer provides functionality to make portable containers that can be used across host environments...
[SECURITY] Fedora 37 Update: apptainer-1.1.6-1.fc37
Apptainer provides functionality to make portable containers that can be used across host environments...
CVE-2023-25657 Remote code execution in Jinja2 template rendering in Nautobot
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the...
K29100014: Intel processors vulnerability CVE-2019-14607
Security Advisory Description Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access. CVE-2019-14607 Impact While certain F5 hardware platforms...
K29146534: SSB Variant 4 vulnerability CVE-2018-3639
Security Advisory Description Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...
K34425791: Intel processor vulnerabilities CVE-2019-0151, CVE-2019-0152
Security Advisory Description CVE-2019-0151 Insufficient memory protection in IntelR TXT for certain IntelR Core Processors and IntelR XeonR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2019-0152 Insufficient memory protection in Syste...
Adobe Connect Access Control Error Vulnerability (CNVD-2023-14294)
Adobe Connect is a software for creating meeting environments from Adobe. Adobe Connect has an access control error vulnerability that can be exploited by attackers to cause security features to be bypassed...
SUSE CVE-2007-3303
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that 1 stop request processing by killing all worker processes and preventing creation of replacements or 2 hang the system by forcin...
SUSE CVE-2014-4670
Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments...
SUSE CVE-2019-18459
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions issue 3 of 4...
SUSE CVE-2020-36148
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions e.g. in embedded environment...
Invoke-Transfer - PowerShell Clipboard Data Transfer
Invoke-Transfer Invoke-Transfer is a PowerShell Clipboard Data Transfer. This tool helps you to send files in highly restricted environments such as Citrix, RDP, VNC, Guacamole.. using the clipboard function. As long as you can send text through the clipboard, you can send files in text format, i...