
9260 matches found

OSV
added 2025/01/10 7:54 p.m. | 6 views

MGASA-2025-0004 Updated opencontainers-runc packages fix security vulnerability

runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing...

3.6 CVSS | 4.2 AI score | 0.00317 EPSS
Exploits 0 | References 3
Mageia
added 2025/01/10 7:54 p.m. | 12 views

Updated opencontainers-runc packages fix security vulnerability

runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing...

3.6 CVSS | 6.8 AI score | 0.00317 EPSS
Exploits 0 | References 2
GithubExploit
added 2025/01/04 12:25 a.m. | 302 views

Exploit for Race Condition in Openbsd Openssh

Summary This is essentially a statistical vulnerability: a la...

8.1 CVSS | 9.3 AI score | 0.99506 EPSS
Exploits 68
Tenable Nessus
added 2025/01/03 12:0 a.m. | 11 views

ZenML < 0.56.3 Unpatched Session Expiration Exposure (CVE-2024-4680)

The version of ZenML installed on the remote host is prior to 0.56.3. It is, therefore, affected by a vulnerability which allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change,...

8.8 CVSS | 5.7 AI score | 0.00405 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/01/03 12:0 a.m. | 8 views

ZenML < 0.57.1 DoS (CVE-2024-4460)

The version of ZenML installed on the remote host is prior to 0.57.1. It is, therefore, affected by a denial of service (DoS) vulnerability in zenml-io/zenml due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through th...

5.2 AI score
Exploits 0 | References 4
NVD
added 2024/12/31 3:15 a.m. | 14 views

CVE-2024-45497

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

7.6 CVSS | 0.00543 EPSS
Exploits 0 | References 9
Prion
added 2024/12/31 3:15 a.m. | 14 views

CVE-2024-45497

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

7.6 CVSS | 0.00543 EPSS
Exploits 0 | References 2
Cvelist
added 2024/12/31 2:19 a.m. | 26 views

CVE-2024-45497 Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...

7.6 CVSS | 0.00543 EPSS
Exploits 0 | References 9
CBLMariner
added 2024/12/23 2:23 a.m. | 31 views

CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2

CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2. A patched version of the package is available...

9.1 CVSS | 9.6 AI score | 0.03092 EPSS
Exploits 2
BDU FSTEC
added 2024/12/23 12:0 a.m. | 6 views

Vulnerability in IBM Security Verify Access Docker, a software tool for protecting access to applications in Docker environments, related to errors in privilege management, allowing attackers to elevate their privileges.

The vulnerability in the software for protecting access to applications in Docker environments is related to errors in privilege management. Exploiting this vulnerability can allow attackers to escalate their privileges...

7.8 CVSS | 7.7 AI score | 0.00228 EPSS
Exploits 1 | References 3 | Affected Software 1
Tenable Nessus
added 2024/12/21 12:0 a.m. | 9 views

SUSE SLES15: docker-stable / docker-stable-bash-completion / etc (SUSE-SU-SUSE-RU-2024:4391-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2024:4391-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last...

9.9 CVSS | 7 AI score | 0.16496 EPSS
Exploits 0 | References 7
OSV
added 2024/12/20 9:13 a.m. | 9 views

SUSE-RU-2024:4391-1 Recommended update for docker-stable

This update for docker-stable fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Dock...

9.9 CVSS | 9.6 AI score | 0.16496 EPSS
Exploits 0 | References 5
GithubExploit
added 2024/12/19 3:50 p.m. | 396 views

Exploit for Cross-site Scripting in Melapress Wp_Activity_Log

CVE-2024-10793 PoC Set these lines in your hosts file:...

7.2 CVSS | 9.4 AI score | 0.01293 EPSS
Exploits 1
NVD
added 2024/12/19 2:15 a.m. | 21 views

CVE-2024-35141

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges...

7.8 CVSS | 0.00228 EPSS
Exploits 1 | References 2
OSV
added 2024/12/19 2:15 a.m. | 2 views

CVE-2024-35141

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges...

7.8 CVSS | 7.4 AI score | 0.00228 EPSS
Exploits 1 | References 2
Cvelist
added 2024/12/19 1:10 a.m. | 23 views

CVE-2024-35141 IBM Security Verify Access privilege escalation

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges...

7.8 CVSS | 0.00228 EPSS
Exploits 1 | References 1
CNNVD
added 2024/12/19 12:0 a.m. | 1 views

IBM Security Verify Access Docker security vulnerability

IBM Security Verify Access Docker is a service from International Business Machines (IBM) that can be used to configure a Security Verify Access environment for Docker. A security vulnerability exists in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6, which stems from a...

7.8 CVSS | 8.2 AI score | 0.00228 EPSS
Exploits 1 | References 1
OPENSUSE Linux
added 2024/12/19 12:0 a.m. | 4 views

docker-27.4.1_ce-12.1 on GA media (moderate)

docker-27.4.1_ce-12.1 on GA media Announcement ID: openSUSE-SU-2024:14597-1 Rating: moderate Cross-References: CVE-2024-29018 CVSS scores: CVE-2024-29018 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2024-29018 SUSE : 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:...

8.2 CVSS | 7.2 AI score | 0.0075 EPSS
Exploits 0
Wolfi
added 2024/12/18 9:59 p.m. | 109 views

GHSA-W32M-9786-JP63 vulnerabilities

Vulnerabilities for packages: gomplate, step-ca, k8sgpt, fuse-overlayfs-snapshotter, amazon-cloudwatch-agent, cilium-cli, crossplane-provider-azure-storage, hugo, rook, cloud-provider-aws, crossplane-provider-aws-elasticache, nats, aws-load-balancer-controller, jitsucom-bulker, prometheus-operato...

5.8 AI score
Exploits 0
OSV
added 2024/12/18 9:15 p.m. | 5 views

AZL-54446 CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3 CVSS | 6.6 AI score | 0.00856 EPSS
Exploits 0 | References 1