128 matches found

OSV
added 2022/12/16 11:15 p.m., 25 views

PYSEC-2022-42993

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 6.5, AI score 6.9, EPSS 0.00704
Exploits: 1, References: 3
CVE
added 2022/12/16 10:56 p.m., 140 views

CVE-2022-23530

CVE-2022-23530 affects GuardDog prior to v0.1.8, where scanning a remotely fetched PyPI package could trigger arbitrary file writes. The root cause is using shutil.unpack_archive() on a crafted tarball without validating that extracted paths stay within the destination directory, allowing writes ...

CVSS 6.5, AI score 6, EPSS 0.00704
Exploits: 1, References: 3, Affected software: 1
Cvelist
added 2022/11/30 12:00 a.m., 25 views

CVE-2022-24441 Code Injection

The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...

CVSS 5.8, AI score 7.4, EPSS 0.00718
Exploits: 1, References: 7
CVE
added 2022/11/30 12:00 a.m., 94 views

CVE-2022-24441

CVE-2022-24441 relates to a code injection flaw in Snyk when analyzing a project. According to the provided description, snyk before 1.1064.0 can be leveraged by convincing a user to scan a malicious project, including commands in build files (e.g., build.gradle or gradle-wrapper.jar), which will...

CVSS 8.8, AI score 6.5, EPSS 0.00718
Exploits: 1, References: 7, Affected software: 3
Tenable Nessus
added 2022/11/22 12:00 a.m., 34 views

Oracle Linux 9 : runc (ELSA-2022-8090)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-8090 advisory. 4:1.1.4-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: 2061316 Tenable has extracted the preceding description block direct...

CVSS 7.8, AI score 7.4, EPSS 0.00386
Exploits: 0, References: 2
Tenable Nessus
added 2022/11/12 12:00 a.m., 95 views

AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7457)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7457 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access to th...

CVSS 7.8, AI score 7.4, EPSS 0.03931
Exploits: 2, References: 7
Tenable Nessus
added 2022/09/23 12:00 a.m., 80 views

SUSE SLES15: kubevirt-container-disk / kubevirt-manifests / kubevirt-tests / etc (SUSE-SU-2022:3333-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3333-1 advisory. The kubevirt stack was updated to version 0.54.0 Release notes...

CVSS 9.3, AI score 7.2, EPSS 0.02737
Exploits: 2, References: 12
OpenVAS
added 2022/09/14 12:00 a.m., 24 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2022-2283)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8, AI score 7.9, EPSS 0.00386
Exploits: 0, References: 2
Rapid7 Blog
added 2022/09/09 2:33 p.m., 23 views

Integrating Cloud Security With DevOps and CI/CD Tools

This is the latest post in our blog series on shifting left in cloud security. In our last post, we kicked off the series with a high-level overview about Rapid7’s approach to shifting cloud security into the application development lifecycle. For this post, we’ll dive into a key aspect of our...

AI score 0.4
Exploits: 0
Tenable Nessus
added 2022/08/17 12:00 a.m., 41 views

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2240)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...

CVSS 7.8, AI score 7.3, EPSS 0.02693
Exploits: 3, References: 6
Fedora
added 2022/07/30 1:57 a.m., 16 views

[SECURITY] Fedora 36 Update: golang-github-martinhoefling-goxkcdpwgen-0.1.0-3.fc36

xkcd style password generator library and cli tool...

AI score 1.6
Exploits: 0
OSV
added 2022/07/21 4:15 a.m., 3 views

CVE-2022-32498

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure...

CVSS 7.8, AI score 6, EPSS 0.00177
Exploits: 0, References: 1
Fedora
added 2022/07/17 1:15 a.m., 22 views

[SECURITY] Fedora 35 Update: golang-github-martinhoefling-goxkcdpwgen-0.1.0-2.fc35

xkcd style password generator library and cli tool...

CVSS 9.3, AI score 1.6, EPSS 0.05994
Exploits: 4
Tenable Nessus
added 2022/07/12 12:00 a.m., 52 views

SUSE SLES15 Security Update : containerd, docker and runc (SUSE-SU-2022:2341-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2341-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior...

CVSS 7.8, AI score 7.1, EPSS 0.00386
Exploits: 0, References: 10
RedhatCVE
added 2022/07/05 11:41 a.m., 38 views

CVE-2022-2264

A heap buffer overflow vulnerability was found in Vim's inc function of misc2.c. This issue occurs because Vim reads beyond the end of the line with a put command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes a...

CVSS 3.3, AI score 3.2, EPSS 0.01224
Exploits: 1, References: 3
Fedora
added 2022/07/04 1:35 a.m., 20 views

[SECURITY] Fedora 36 Update: golang-github-martinhoefling-goxkcdpwgen-0.1.0-2.fc36

xkcd style password generator library and cli tool...

CVSS 9.3, AI score 8.3, EPSS 0.05994
Exploits: 4
OpenVAS
added 2022/06/01 12:00 a.m., 27 views

Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2022-d1f55f8fd0)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8, AI score 7.9, EPSS 0.00386
Exploits: 0, References: 2
OpenVAS
added 2022/05/31 12:00 a.m., 25 views

Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2022-e980dc71b1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8, AI score 7.9, EPSS 0.00386
Exploits: 0, References: 2
OpenVAS
added 2022/05/31 12:00 a.m., 26 views

Fedora: Security Advisory for golang-github-opencontainers-runc (FEDORA-2022-91b747a0d7)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8, AI score 7.9, EPSS 0.00386
Exploits: 0, References: 2
NVD
added 2022/05/17 9:15 p.m., 22 views

CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

CVSS 7.8, EPSS 0.00386
Exploits: 0, References: 7