Lucene search
K

36 matches found

CVE
CVE
added 2025/03/25 6:8 p.m.154 views

CVE-2025-2312

CVE-2025-2312 affects cifs-utils (cifs.upcall) where, in containerized environments, an upcall is made to the wrong namespace, risking disclosure of the host Kerberos credentials cache. Public advisories across multiple distributions (Debian, Mageia, Alpine Linux, CBL-Mariner) confirm the flaw an...

5.9CVSS6.5AI score0.00149EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/03/25 6:8 p.m.25 views

CVE-2025-2312

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...

5.9CVSS6.8AI score0.00149EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2024/08/14 10:50 p.m.23 views

Our Takeaways From 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP): Insights and Market Evolution

Are your cloud-native applications and multi-cloud infrastructure adequately protected against evolving threats? How confident are you in your current security measures for cloud workloads and containerized environments? The recent Gartner Market Guide for Cloud-Native Application Protection...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/06/20 11:6 a.m.23 views

Secure Your Containerized Environments with Qualys Containerized Scanner Appliance (QCSA)

IT has undergone a series of significant shifts over the years, from physical infrastructure to virtual, and how infrastructure was managed and maintained. This shift led IT through the digital transformation era, introducing various types of clouds and “As-a-Service” models. Although...

7AI score
Exploits0
OSV
OSV
added 2024/04/30 12:0 a.m.28 views

ALSA-2024:2160 Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: html/template: improper handling of HTML-like comments within script contexts...

6.1CVSS7.2AI score0.01208EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2024/03/18 12:0 a.m.8 views

The vulnerability of the IBM MQ Operator software, which manages containerized environments and relies on cryptographic algorithms, contains defects that allow attackers to compromise protected information.

The vulnerability of the IBM MQ Operator, a software tool for managing containerized environments, is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker to disclose protected information...

5.9CVSS6.2AI score0.00261EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/09 10:3 a.m.40 views

Moderate: Red Hat Security Advisory: toolbox security and bug fix update

An update for toolbox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.7AI score0.05623EPSS
Exploits1References7
The Hacker News
The Hacker News
added 2023/03/16 1:39 p.m.40 views

Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/02 1:40 p.m.3 views

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/02 1:40 p.m.71 views

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...

6.9AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/12/07 5:0 p.m.36 views

Mitigate threats with the new threat matrix for Kubernetes

Today, we are glad to release the third version of the threat matrix for Kubernetes, an evolving knowledge base for security threats that target Kubernetes clusters. The matrix, first released by Microsoft in 2020, was the first attempt to systematically cover the attack landscape of Kubernetes...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/01 11:44 a.m.59 views

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 CVSS score: 9.8, the shortcoming could be trivially abused by a malicious actor without any...

9.8CVSS1.3AI score0.32516EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2022/11/15 12:0 a.m.38 views

Moderate: toolbox security and bug fix update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang...

7.5CVSS7.6AI score0.01618EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2022/08/01 12:0 a.m.7 views

Fedora: Security Advisory for toolbox (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2021/04/22 12:30 p.m.208 views

Kubesploit - A Cross-Platform Post-Exploitation HTTP/2 Command And Control Server And Agent Written In Golang

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl @Ne0nd0g. Our Motivation While researching Docker and Kubernetes, we noticed that most of the...

8.6CVSS9.2AI score0.9857EPSS
Exploits33References9
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/03/23 4:0 p.m.63 views

Secure containerized environments with updated threat matrix for Kubernetes

Last April, we released the first version of the threat matrix for Kubernetes. It was the first attempt to systematically map the threat landscape of Kubernetes. As we described in the previous post, we chose to adapt the structure of MITRE ATT&CK® framework which, became almost an industry...

2.1CVSS5.6AI score0.01133EPSS
Exploits0
Rows per page
Query Builder