Lucene search
K

941 matches found

Prion
Prion
added 2023/06/06 7:15 p.m.18 views

Design/Logic Flaw

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...

4.3CVSS6.4AI score0.00485EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/06/06 7:15 p.m.16 views

Design/Logic Flaw

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The...

3.5CVSS5.6AI score0.00506EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/06/06 6:15 p.m.398 views

CVE-2023-33959

CVE-2023-33959 concerns notation (notaryproject/notation-go) used to sign/verify OCI artifacts. Affected: the notation tool and its verification flow when a registry is compromised can mislead users into verifying a wrong artifact. Root cause described in connected sources as a verification bypas...

8.8CVSS8.4AI score0.00354EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/06/06 6:15 p.m.15 views

CVE-2023-33959 Verification bypass can cause users into verifying the wrong artifact

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Use...

8.3CVSS8.4AI score0.00354EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/06/06 6:13 p.m.15 views

CVE-2023-33958 Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...

5.4CVSS6.6AI score0.00485EPSS
Exploits0References2
CVE
CVE
added 2023/06/06 6:13 p.m.49 views

CVE-2023-33958

CVE-2023-33958 affects the notation CLI tool for signing/verifying OCI artifacts. The issue is a default maxSignatureAttempts setting in notation verify that can be abused by an attacker who controls a registry to serve an unlimited number of signatures for an artifact, causing denial of service ...

6.5CVSS5.9AI score0.00485EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/06/06 6:13 p.m.29 views

CVE-2023-33958 Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...

5.4CVSS6.3AI score0.00485EPSS
Exploits0References4
CVE
CVE
added 2023/06/06 6:10 p.m.53 views

CVE-2023-33957

CVE-2023-33957 affects the Notation CLI (github.com/notaryproject/notation) and describes a denial-of-service risk: if a registry is compromised and signs many artifacts, a user running notation inspect/verify can exhaust host resources. The issue is mitigated by upgrading to v1.0.0-rc.6 or newer...

5.7CVSS4.6AI score0.00506EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/06/05 12:0 a.m.52 views

GitLab 13.2.4 < 15.10.8 / 15.11 < 15.11.7 / 16.0 < 16.0.2 (CVE-2023-0121)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0...

7.5CVSS7.2AI score0.01243EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2023/05/23 4:58 p.m.10 views

VeloCON 2023: Submissions Wanted!

Rapid7 is thrilled to announce that the 2nd annual VeloCON virtual summit will be held this September date TBD, with times oriented to the continental USA time zones. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor community...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/05/16 8:57 a.m.46 views

Moderate: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

7.5CVSS6.7AI score0.05623EPSS
Exploits1References15
OSV
OSV
added 2023/05/09 12:0 a.m.38 views

ALSA-2023:2204 Moderate: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward...

7.5CVSS7.1AI score0.05623EPSS
Exploits1References12
NVD
NVD
added 2023/04/21 12:15 p.m.14 views

CVE-2023-2226

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system a...

5.3CVSS4.4AI score0.00384EPSS
Exploits0References1
Prion
Prion
added 2023/04/21 12:15 p.m.15 views

Input validation

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system a...

5CVSS5.2AI score0.00384EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/21 11:48 a.m.25 views

CVE-2023-2226 Velociraptor crashes while parsing some malformed PE or OLE files.

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system a...

3.3CVSS5.5AI score0.00384EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2023/04/19 12:0 a.m.326 views

VMware Workspace ONE Access Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...

7.8CVSS8.7AI score0.37171EPSS
Exploits8
NVD
NVD
added 2023/04/17 10:15 p.m.25 views

CVE-2023-30543

@web3-react is a framework for building Ethereum Apps . In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

5.7CVSS5.2AI score0.00378EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/30 7:16 p.m.36 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to sensitive information disclosure due to Apache Commons Net (CVE-2021-37533)

Summary Apache Commons Net is used by the included zOS Utility plugin FTP Artifacts step to connect to remote FTP servers. By persuading a victim to connect to a specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private...

6.5CVSS6.4AI score0.01858EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2023/03/27 8:43 p.m.55 views

CVE-2022-37865

A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This issue could allow a malicious used to have unwanted access...

9.1CVSS8.7AI score0.01819EPSS
Exploits0References4
0day.today
0day.today
added 2023/03/20 12:0 a.m.453 views

Open Web Analytics 1.7.3 Remote Code Execution Exploit

Open Web Analytics OWA versions prior to 1.7.4 allow an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. class MetasploitModule 'Open Web Analytics 1.7.3 - Remote Code Execution RCE', 'Description' = %q Op...

9.8CVSS1AI score0.99134EPSS
Exploits14
Rows per page
Query Builder