15 matches found
Exploit for Out-of-bounds Write in Netapp Bootstrap_Os
Typeform DevSecOps Pipeline POC
EUVD-2019-6558
Malware in sbrugna...
discover
This is a collection of custom bash scripts used to automate various penetration testing tasks, including reconnaissance, scanning, enumeration, and malicious payload creation using Metasploit. The scripts are designed to be used with Kali Linux. The scripts are organized into several categories,...
Elevating Security: Qualys Unveils First Solution for Scanning AWS Bottlerocket in Amazon EKS and Amazon ECS
With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...
CVE-2023-4777
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins and to connect to an...
CVE-2023-4777
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins and to connect to an...
CVE-2023-4777
CVE-2023-4777 affects Qualys Container Scanning Connector Plugin for Jenkins (versions ≤ 1.6.2.6). The root cause is an incorrect permission check that lets an attacker with global Item/Configure permission, but not per-job Item/Configure, enumerate credential IDs stored in Jenkins and connect to...
CVE-2023-4777 Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins and to connect to an...
What's New in InsightVM and Nexpose: Q4 2021 in Review
Greetings, fellow security professionals. As we enter the new year, we wanted to provide a recap of product releases and features on the vulnerability management (VM) front for Q4 2021. Let's start by talking about the elephant in the room. The end of last year was dominated by Log4Shell, the...
Terrier - An Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes
Terrier is an image and container analysis tool that can be used to scan OCI images and containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog,...
CVE-2019-15591
An improper access control vulnerability exists in GitLab 12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled...
Improper access control
An improper access control vulnerability exists in GitLab 12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled...
CVE-2019-15591
An improper access control vulnerability exists in GitLab 12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled...
CVE-2019-15591
Removed by vendor...
GitLab: Container scanning and Dependency scanning report leaked to unauthorized users
Hi GitLab Security team. Summary: GitLab makes the container scanning and dependency scanning information available as part of a JSON endpoint for merge requests. These reports are output of the CI job and should only be displayed if the visiting user has access to CI. However, right now GitLab...