
2478 matches found

CNNVD
added 2023/03/13 12:00 a.m. · 7 views

Docker Desktop Command Injection Vulnerability

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

CVSS 7.8 · AI score 7.8 · EPSS 0.00265
Exploits: 0 · References: 2
Positive Technologies
added 2023/03/13 12:00 a.m. · 5 views

PT-2023-2062 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.17.0. Description: The issue allows an attacker to execute arbitrary commands inside a Dev Environments container during initialization. This can be achieved by tricking a user into opening a crafted maliciou...

CVSS 7.8 · AI score 7.8 · EPSS 0.00265
Exploits: 0 · References: 4
Rapid7 Blog
added 2023/03/08 3:00 p.m. · 17 views

What Tech Companies Should Look For in Cloud Security

The cloud's computing power and flexibility unlocks unprecedented speed and efficiency—a tech company's two best friends. But with that speed and efficiency comes new environments and touchpoints in an organization's footprint. That expanding attack surface brings along with it an expanding range...

AI score 6.7
Exploits: 0
Ubuntu
added 2023/03/03 2:58 p.m. · 77 views

USN-5917-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.1 · AI score 7.7 · EPSS 0.03702
Exploits: 6
The Hacker News
added 2023/03/02 1:40 p.m. · 3 views

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...

AI score 6.8
Exploits: 0
The Hacker News
added 2023/03/02 1:40 p.m. · 71 views

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...

AI score 6.9
Exploits: 0
Citrix
added 2023/03/02 12:00 a.m. · 12 views

LAPS : Randomizing Local Admin Passwords in Non-persistent Environments

Use LAPS inLocal Admin Passwords for Non-persistent Environments...

AI score 7.3
Exploits: 0
Spring Security Advisories
added 2023/02/24 12:00 a.m. · 18 views

Spring Cloud Function for Azure Function

What is the Spring Cloud Function? Spring Cloud Function is a SpringBoot-based framework allowing users to concentrate on their business logic by implementing them as Java Functions i.e., Supplier, Function, Consumer. In turn the framework provides necessary abstraction to enable execution of the...

AI score 0.1
Exploits: 0
Fedora
added 2023/02/22 11:10 a.m. · 27 views

[SECURITY] Fedora 36 Update: apptainer-1.1.6-1.fc36

Apptainer provides functionality to make portable containers that can be used across host environments...

CVSS 7.6 · AI score 2.6 · EPSS 0.00709
Exploits: 0
Fedora
added 2023/02/22 10:16 a.m. · 27 views

[SECURITY] Fedora 37 Update: apptainer-1.1.6-1.fc37

Apptainer provides functionality to make portable containers that can be used across host environments...

CVSS 7.6 · AI score 2.6 · EPSS 0.00709
Exploits: 0
Vulnrichment
added 2023/02/21 8:51 p.m. · 8 views

CVE-2023-25657 Remote code execution in Jinja2 template rendering in Nautobot

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. Nautobot 1.5.7 has enabled sandboxed environments for the...

CVSS 7.5 · AI score 9.4 · EPSS 0.01526
Exploits: 0 · References: 3
F5 Networks
added 2023/02/21 8:02 p.m. · 47 views

K29100014: Intel processors vulnerability CVE-2019-14607

Security Advisory Description Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access. CVE-2019-14607 Impact While certain F5 hardware platforms...

CVSS 5.3 · AI score 5.6 · EPSS 0.00343
Exploits: 0 · Affected Software: 12
F5 Networks
added 2023/02/21 7:54 p.m. · 63 views

K29146534: SSB Variant 4 vulnerability CVE-2018-3639

Security Advisory Description Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...

CVSS 5.5 · AI score 6.8 · EPSS 0.60631
Exploits: 2 · Affected Software: 19
F5 Networks
added 2023/02/21 6:52 p.m. · 68 views

K34425791: Intel processor vulnerabilities CVE-2019-0151, CVE-2019-0152

Security Advisory Description CVE-2019-0151 Insufficient memory protection in Intel® TXT for certain Intel® Core Processors and Intel® Xeon® Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2019-0152 Insufficient memory protection in Syste...

CVSS 7.2 · AI score 7.1 · EPSS 0.00404
Exploits: 0
CNVD
added 2023/02/17 12:00 a.m. · 43 views

Adobe Connect Access Control Error Vulnerability (CNVD-2023-14294)

Adobe Connect is a software for creating meeting environments from Adobe. Adobe Connect has an access control error vulnerability that can be exploited by attackers to cause security features to be bypassed...

CVSS 5.3 · AI score 5 · EPSS 0.81875
Exploits: 4 · References: 1
SUSE CVE
added 2023/02/15 6:11 a.m. · 3 views

SUSE CVE-2007-3303

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcin...

CVSS 4.9 · AI score 6.8 · EPSS 0.0089
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 5:27 a.m. · 4 views

SUSE CVE-2014-4670

Use-after-free vulnerability in ext/spl/spldllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments...

CVSS 4.6 · AI score 7.7 · EPSS 0.0071
Exploits: 0 · References: 7
SUSE CVE
added 2023/02/15 4:07 a.m. · 4 views

SUSE CVE-2019-18459

An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4)...

CVSS 5.3 · AI score 5.4 · EPSS 0.0088
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 3:51 a.m. · 4 views

SUSE CVE-2020-36148

Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions e.g. in embedded environment...

CVSS 6.5 · AI score 7 · EPSS 0.01154
Exploits: 1 · References: 5
Kitploit
added 2023/02/14 11:30 a.m. · 29 views

Invoke-Transfer - PowerShell Clipboard Data Transfer

Invoke-Transfer is a PowerShell Clipboard Data Transfer. This tool helps you to send files in highly restricted environments such as Citrix, RDP, VNC, Guacamole... using the clipboard function. As long as you can send text through the clipboard, you can send files in text format, i...

AI score 7.1
Exploits: 0 · References: 1