942 matches found

Metasploit
added 2024/05/17 7:54 p.m. · 316 views

Halloy IRC Credential Gatherer

This module searches for credentials stored on Halloy IRC Client on a Windows host. Module Options msf use post/windows/gather/credentials/halloyirc msf posthalloyirc show actions ...actions... msf posthalloyirc set ACTION msf posthalloyirc show options ...show and set options... msf posthalloyir...

AI score 6.9
Exploits 0
Veracode
added 2024/05/17 11:30 a.m. · 13 views

Improper Access Control

mlflow is vulnerable to Improper Access Control. The vulnerability is due to improper validation of DELETE requests by users with EDIT permissions, allowing unauthorized deletions of artifacts...

CVSS 5.4 · AI score 6.4 · EPSS 0.00329
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2024/05/17 12:00 a.m. · 4 views

PT-2024-9210 · Sonatype · Sonatype Nexus Repository 2

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository 2 versions up to and including 2.15.1 Description: A stored Cross-site Scripting vulnerability has been discovered, which affects the structure of web pages. This issue may allow a remote attacker to perform cross-si...

CVSS 5.1 · AI score 6.1 · EPSS 0.00397
Exploits 0 · References 16
Positive Technologies
added 2024/05/17 12:00 a.m. · 8 views

PT-2024-9211 · Sonatype · Sonatype Nexus Repository

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository 2 versions up to and including 2.15.1 Description: A Remote Code Execution issue has been discovered, related to incorrect code generation management. This allows a remote attacker to execute arbitrary code by...

CVSS 7.1 · AI score 8.6 · EPSS 0.01864
Exploits 0 · References 17
OSV
added 2024/05/16 9:15 a.m. · 7 views

CVE-2024-4263

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

CVSS 5.4 · AI score 5.3
Exploits 0 · References 2
PyPA
added 2024/05/16 9:15 a.m. · 4 views

PYSEC-2024-51

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

CVSS 5.4 · AI score 6.7 · EPSS 0.00329
Exploits 1 · References 3 · Affected Software 1
OSV
added 2024/05/16 9:15 a.m. · 3 views

PYSEC-2024-51

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

CVSS 5.4 · AI score 5.9 · EPSS 0.00329
Exploits 1 · References 3
NVD
added 2024/05/15 4:15 p.m. · 25 views

CVE-2024-31216

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...

CVSS 5.1 · AI score 5.2 · EPSS 0.00213
Exploits 0 · References 3
Cvelist
added 2024/05/15 3:52 p.m. · 23 views

CVE-2024-31216 source-controller leaks the Azure Storage SAS token into logs on connection errors

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...

CVSS 5.1 · AI score 5.5 · EPSS 0.00213
Exploits 0 · References 3
RedHat Linux
added 2024/04/30 10:41 a.m. · 15 views

Moderate: Red Hat Security Advisory: Image builder components bug fix, enhancement and security update

An update for osbuild and osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 6.1 · AI score 6.4 · EPSS 0.00188
Exploits 0 · References 4
AlmaLinux
added 2024/04/30 12:00 a.m. · 22 views

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 For more details about the security issues,...

CVSS 6.1 · AI score 6.7 · EPSS 0.00188
Exploits 0 · References 4
OSV
added 2024/04/30 12:00 a.m. · 21 views

ALSA-2024:2119 Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 For more details about the security issues,...

CVSS 6.1 · AI score 6.1 · EPSS 0.00188
Exploits 0 · References 4
Positive Technologies
added 2024/04/23 12:00 a.m. · 1 view

PT-2024-5968 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 GitLab CE/EE versions 17.2 through 17.2.0 Description: The issue is related to insufficient authorization procedures in GitLab, allowing a remote attacker to...

CVSS 4.3 · AI score 6.6 · EPSS 0.00372
Exploits 0 · References 14
AlpineLinux
added 2024/04/22 10:24 p.m. · 3 views

CVE-2024-32657

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

CVSS 5.4 · AI score 7.2 · EPSS 0.00463
Exploits 0 · References 4
CVE
added 2024/04/22 10:24 p.m. · 104 views

CVE-2024-32657

CVE-2024-32657 affects Hydra, the CI service for Nix-based projects. The vulnerability arises from a feature that lets Nix builds specify files served to clients, with HTML build artifacts being exploitable in the browser context and capable of triggering arbitrary code execution when viewed. Imp...

CVSS 5.4 · AI score 7 · EPSS 0.00463
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/04/22 10:24 p.m. · 16 views

CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

CVSS 4.6 · AI score 5.4 · EPSS 0.00463
Exploits 0 · References 4
F5 Networks
added 2024/04/22 5:56 p.m. · 75 views

K000139361: Moby BuildKit vulnerabilities CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653

Security Advisory Description CVE-2024-23651 BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead ...

CVSS 10 · AI score 6.7 · EPSS 0.02983
Exploits 0
Positive Technologies
added 2024/04/22 12:00 a.m. · 5 views

PT-2024-24749 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to the fix commit applied around 2024-04-21 14:30 UTC Description: Hydra, a Continuous Integration service for Nix-based projects, has an issue that allows attackers to execute arbitrary code in the browser context and...

CVSS 4.6 · AI score 7.5 · EPSS 0.00463
Exploits 0 · References 8
OSV
added 2024/04/19 3:15 p.m. · 5 views

CVE-2024-3684

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

CVSS 7.2 · AI score 5.8 · EPSS 0.01095
Exploits 0 · References 4
Cvelist
added 2024/04/19 2:25 p.m. · 21 views

CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

CVSS 8 · AI score 8.2 · EPSS 0.01095
Exploits 0 · References 4