Lucene search
K

281 matches found

Vulnrichment
Vulnrichment
added 2024/02/13 6:51 p.m.6 views

CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

9.1CVSS7.7AI score0.02363EPSS
Exploits0References4
CVE
CVE
added 2024/02/13 6:51 p.m.93 views

CVE-2024-1355

CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...

9.1CVSS9.4AI score0.02363EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/02/03 1:15 a.m.3 views

CVE-2023-43016

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154...

7.3CVSS5.8AI score0.00713EPSS
Exploits1References3
OSV
OSV
added 2024/02/02 3:28 p.m.27 views

CVE-2024-24760 Mailcow Docker Container Exposure to Local Network

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...

8.8CVSS7.3AI score0.00868EPSS
Exploits0References4
CVE
CVE
added 2024/02/02 3:28 p.m.42 views

CVE-2024-24760

CVE-2024-24760 affects mailcow, a dockerized mail suite, with exposed dockerized ports. The root issue: containers on a bridged network are reachable from the same subnet even when ports are bound to 127.0.0.1, enabling potential access to exposed ports. Affected versions are prior to 2024-01c. T...

8.8CVSS7AI score0.00868EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/02/02 12:0 a.m.7 views

mailcow Security Vulnerabilities

mailcow is a mail server suite. A security vulnerability exists in previous versions of mailcow 2024-01c that stems from allowing an attacker on the same subnet to connect to a public port of a Docker container...

8.8CVSS6.7AI score0.00868EPSS
Exploits0References3
NVD
NVD
added 2024/02/01 11:15 p.m.14 views

CVE-2024-24756

Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...

7.5CVSS7.6AI score0.00873EPSS
Exploits1References3
Prion
Prion
added 2024/02/01 11:15 p.m.13 views

Directory traversal

Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...

5CVSS7.1AI score0.00873EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/01 10:38 p.m.9 views

CVE-2024-24756 Crafatar path traversal vulnerability

Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind Cloudflare including crafatar.com are not affected. Instances using the Docker container as shown in the READ...

7.5CVSS7.5AI score0.00873EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/05 4:15 p.m.20 views

Security Bulletin: IBM Security Verify Access OpenID Connect Provider container has fixed a vulnerability (CVE-2022-43867)

Summary A Security Vulnerability has been addressed in the IBM Security Verify Access OpenID Connect OIDC Provider container. Vulnerability Details CVEID:CVE-2022-43876 DESCRIPTION: IBM Security Verify Access OIDC Provider allows web pages to be stored locally which can be read by another user on...

7.8CVSS7.4AI score0.00281EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2023/12/28 11:36 a.m.747 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

Proof Of Concept of SSRF on Request-Baskets CVE-2023-27163...

6.5CVSS6.3AI score0.06976EPSS
Exploits29
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/13 5:48 p.m.60 views

Security Bulletin: IBM Security Verify Access is vulnerable to Rapid Reset attacks if HTTP2 is enabled (CVE-2023-44487)

Summary The Webseal component of IBM Security Verify Access product is vulnerable to CVE-2023-44487, a flaw in handling multiplexed streams in the HTTP/2 protocol. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in...

7.5CVSS7.8AI score0.99999EPSS
Exploits19Affected Software1
CVE
CVE
added 2023/12/04 8:36 p.m.388 views

CVE-2023-47633

CVE-2023-47633 affects the Traefik Docker image when it serves as its own backend, triggered by an automatically generated route from Docker integration in default configuration. The issue causes 100% CPU usage, leading to a denial of service-like impact on the affected instance. The vulnerabilit...

7.5CVSS7.5AI score0.01269EPSS
Exploits1References3Affected Software1
Kitploit
Kitploit
added 2023/12/04 11:30 a.m.67 views

C2-Search-Netlas - Search For C2 Servers Based On Netlas

C2 Search Netlas is a Java utility designed to detect Command and Control C2 servers using the Netlas API. It provides a straightforward and user-friendly CLI interface for searching C2 servers, leveraging the Netlas API to gather data and process it locally. Usage To utilize this terminal utilit...

7.7AI score
Exploits0References2
The Hacker News
The Hacker News
added 2023/11/14 11:54 a.m.52 views

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service DDoS botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, buil...

7.9AI score
Exploits0
GithubExploit
GithubExploit
added 2023/10/25 5:10 p.m.460 views

Exploit for CVE-2023-38646

CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...

9.8CVSS9.8AI score0.97924EPSS
Exploits37
GithubExploit
GithubExploit
added 2023/10/25 5:10 p.m.506 views

Exploit for CVE-2023-38646

CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...

9.8CVSS9.8AI score0.97924EPSS
Exploits37
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/14 5:16 a.m.43 views

Security Bulletin: IBM Security Verify Access OpenID Connect Provider container has fixed multiple vulnerabilities (CVE-2022-43868, CVE-2022-43739, CVE-2022-43740)

Summary Multiple security vulnerabilities have been addressed in the IBM Security Verify Access OpenID Connect OIDC Provider container. Vulnerability Details CVEID:CVE-2022-43868 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in...

7.5CVSS7AI score0.00772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/14 5:5 a.m.45 views

Security Bulletin: Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303)

Summary A Security Vulnerability in libxml2 as shipped with IBM Security Verify Access has been fixed. Vulnerability Details CVEID:CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XMLPARSEHUGE...

7.5CVSS7.7AI score0.22791EPSS
Exploits2Affected Software1
Kitploit
Kitploit
added 2023/09/07 11:30 a.m.46 views

DorXNG - Next Generation DorX. Built By Dorks, For Dorks

DorXNG is a modern solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a purpose built containerized image of SearXNG, a self-hosted, hackable, privacy focused, meta-search engine. Our SearXNG...

7.2AI score
Exploits0References6
Rows per page
Query Builder