
9270 matches found

IBM Security Bulletins
added 2024/09/30 4:56 p.m. · 59 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary: IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

10 CVSS · 10 AI score · 0.29179 EPSS
Exploits 3 · Affected Software 1

GithubExploit
added 2024/09/28 11:16 p.m. · 138 views

Exploit for CVE-2024-38816

CVE-2024-38816 Proof of Concept PoC This is a proof of conc...

7.5 CVSS · 7.5 AI score · 0.14718 EPSS
Exploits 1

Tenable Nessus
added 2024/09/28 12:0 a.m. · 17 views

GLSA-202409-29 : Docker: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202409-29 Docker: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly fro...

10 CVSS · 7.6 AI score · 0.05623 EPSS
Exploits 6 · References 21

Gentoo Linux
added 2024/09/28 12:0 a.m. · 24 views

Docker: Multiple Vulnerabilities

Background: Docker contains the core functions you need to create Docker images and run Docker containers. Description: Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for...

10 CVSS · 7.7 AI score · 0.05623 EPSS
Exploits 6

NVD
added 2024/09/27 2:15 p.m. · 35 views

CVE-2024-47182

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...

7.5 CVSS · 0.00205 EPSS
Exploits 0 · References 2

OSV
added 2024/09/27 1:58 p.m. · 16 views

CVE-2024-47182 Dozzle uses unsafe hash for passwords

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...

4.8 CVSS · 7.8 AI score · 0.00205 EPSS
Exploits 0 · References 4

NVD
added 2024/09/26 8:15 p.m. · 11 views

CVE-2024-47179

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8 CVSS · 0.00714 EPSS
Exploits 0 · References 8

OSV
added 2024/09/26 7:10 p.m. · 9 views

CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8 CVSS · 7.1 AI score · 0.00714 EPSS
Exploits 0 · References 10

Positive Technologies
added 2024/09/26 12:0 a.m. · 4 views

PT-2024-32460 · Rsshub · Rsshub

Name of the Vulnerable Software and Affected Versions: RSSHub versions prior to commit 64e00e7 Description: RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. The workflow gets triggered when the PR - Docker build test...

8.8 CVSS · 7.2 AI score · 0.00714 EPSS
Exploits 0 · References 17

CNNVD
added 2024/09/26 12:0 a.m. · 2 views

RSSHub input validation error vulnerability

RSSHub is the world's largest RSS network open-sourced by DIYgod, consisting of over 5000 global instances. RSSHub suffers from an input validation error vulnerability that stems from the vulnerability of RSSHub's docker-test-cont.yml workflow to a poisoning attack, which could lead to a takeover...

8.8 CVSS · 6.7 AI score · 0.00714 EPSS
Exploits 0 · References 8

OSSF Malicious Packages
added 2024/09/25 4:44 p.m. · 5 views

Malicious code in faest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f66b290465d72fc55bce4fef4200ebea68c430be84cdcbbabec5263958041781 When using this library to do any request, a "validateorigin" function is called L1320 in client.py. This method, located in utils.py, collects all request dat...

6.9 AI score
Exploits 0 · References 1

Tenable Nessus
added 2024/09/24 12:0 a.m. · 23 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2024-2462)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

7.8 CVSS · 7 AI score · 0.00258 EPSS
Exploits 0 · References 2

Github Security Blog
added 2024/09/23 8:30 p.m. · 36 views

lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)

Summary SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides external malicious url which redirects to internal resources like private network or loopback address. PoC 1. Ru...

9 CVSS · 6.6 AI score · 0.10996 EPSS
Exploits 4 · References 6 · Affected Software 1

OpenVAS
added 2024/09/23 12:0 a.m. · 12 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2462)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 7.3 AI score · 0.00258 EPSS
Exploits 0 · References 2

Kitploit
added 2024/09/21 11:30 a.m. · 559 views

Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking

The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a...

7.2 AI score
Exploits 0 · References 1

CNNVD
added 2024/09/21 12:0 a.m. · 3 views

Stirling-PDF cross-site scripting vulnerability

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A cross-site scripting vulnerability exists in Stirling-PDF version 0.28.3 and earlier, which stems from unknown code in the Markdown-to-PDF component and results in a...

5.4 CVSS · 3.9 AI score · 0.00409 EPSS
Exploits 1 · References 5

RedHat Linux
added 2024/09/19 5:30 a.m. · 24 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.37 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

9.9 CVSS · 7.3 AI score · 0.02321 EPSS
Exploits 4 · References 3

Tenable Nessus
added 2024/09/19 12:0 a.m. · 16 views

Docker Desktop < 4.34.2 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...

9.8 CVSS · 6.4 AI score · 0.01251 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/09/19 12:0 a.m. · 20 views

Docker Desktop < 4.34.2 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...

9.8 CVSS · 6.5 AI score · 0.01251 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/09/19 12:0 a.m. · 19 views

Docker Desktop < 4.34.2 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...

9.8 CVSS · 6.5 AI score · 0.01251 EPSS
Exploits 0 · References 2