110 matches found
Security update for grafana (important)
openSUSE Security Update: Security update for grafana Announcement ID: openSUSE-SU-2021:2662-1 Rating: important References: 1183803 1183809 1183811 1183813 1184371 Cross-References: CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVSS scores: CVE-2021-27358 NVD : 7.5...
GHSA-Q6PJ-JH94-5FPR OS Command Injection in docker-compose-remote-api
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function execserviceName, cmd, fnStdout, fnStderr, fnExit uses the variable serviceName which can be controlled by users without any sanitization...
OS Command Injection in docker-compose-remote-api
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function execserviceName, cmd, fnStdout, fnStderr, fnExit uses the variable serviceName which can be controlled by users without any sanitization...
Jenkins Remote API Information Disclosure (CVE-2017-1000395)
An information disclosure vulnerability exists in Jenkins Remote API. Successful exploitation of this vulnerability could allow a remote attacker to gain information about Jenkins user accounts...
Denial Of Service (DoS)
github.com/grafana/grafana is vulnerable to denial of service. An unauthenticated attacker is able to crash the application via a remote API call to the snapshot feature...
CVE-2021-27358
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set...
UBUNTU-CVE-2021-27358
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set...
Blackrota Golang Backdoor Packs Heavy Obfuscation Punch
Researchers have discovered a new backdoor written in the Go programming language Golang, which turned their heads due to its heavy level of obfuscation. The backdoor, called Blackrota, was first discovered in a honeypot owned by researchers, attempting to exploit an unauthorized-access...
CVE-2020-14517
Protocol encryption can be easily broken for CodeMeter All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API...
REST API - Deactivate the REST API
h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is active by default and there is no way to deactivate. It should have a similar option like the Enabling the Remote...
The vulnerability of the docker-compose-remote-api package from the package manager NPM allows a attacker to execute arbitrary commands.
The vulnerability of the docker-compose-remote-api package from the package manager NPM is related to insufficient validation of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the target system remotely...
OS Command Injection
docker-compose-remote-api is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the serviceName parameter due to lack of validation before passing to the exec function...
CVE-2020-7606
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'execserviceName, cmd, fnStdout, fnStderr, fnExit' uses the variable 'serviceName' which can be controlled by users without any sanitization...
CVE-2020-7606
CVE-2020-7606 affects the package docker-compose-remote-api (up to 0.1.4 and earlier). The root cause is in index.js: the function exec(serviceName, cmd, …) uses the variable serviceName, which can be controlled by users without sanitization, enabling OS command injection. Reported across multipl...
exframe-integration (>=1.0.0 <=1.1.15), test-integration (>=2.0.0 <=2.2.7) potentially affected by CVE-2020-7606 via docker-compose-remote-api (=0.1.4)
docker-compose-remote-api NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on docker-compose-remote-api and may be impacted: - exframe-integration =1.0.0, =2.0.0, =2.2.7 Source cves: CVE-2020-7606 Source advisory:...
Command Injection
Overview docker-compose-remote-api is a Connection interface between docker-compose and the Docker Remote API. Affected versions of this package are vulnerable to Command Injection. Within index.js of the package, the function execserviceName, cmd, fnStdout, fnStderr, fnExit uses the variable...
New Crypto in Go 1.14
Go 1.14 is out and with it come a few nice updates to crypto/tls! Will this certificate work? Certificate selection in TLS1 is a mess. I was going to try and describe it here to make the point, but I kept getting it wrong and it was even too messy for something just meant to make the point that i...
Podman Varlink 1.5.1 - Remote Code Execution
Podman Varlink 1.5.1 - Remote Code Execution Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit Author: Jeremy Brown Date: 2019-10-15 Vendor Homepage: https://podman.io/ Software Link: dnf install podman or https://github.com/containers/libpod/releases Version: 1.5.1 Tested on:...
Podman / Varlink Remote Code Execution
!/usr/bin/python -- coding: UTF-8 -- pickletime.py Podman + Varlink Insecure Config Remote Exploit Jeremy Brown jbrown3264/gmail @ Oct 2019 ------- Details ------- Podman is container engine / platform similar to Docker supported by RedHat and Fedora with Varlink being a protocol to exchange...
Podman & Varlink 1.5.1 - Remote Code Execution Exploit
Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit Author: Jeremy Brown Date: 2019-10-15 Vendor Homepage: https://podman.io/ Software Link: dnf install podman or https://github.com/containers/libpod/releases Version: 1.5.1 Tested on: Fedora Server 30 !/usr/bin/python -- coding:...