Lucene search
K

9275 matches found

Tenable Nessus
Tenable Nessus
added 2024/09/03 12:0 a.m.10 views

RHEL 9 : buildah (RHSA-2024:6189)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6189 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working...

5.9CVSS7.4AI score0.00667EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/02 4:54 p.m.17 views

CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit

Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...

5.4CVSS7AI score0.00341EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/02 4:54 p.m.19 views

CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit

Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...

5.4CVSS0.00341EPSS
Exploits0References4
CVE
CVE
added 2024/09/02 4:54 p.m.58 views

CVE-2024-45313

Summary: CVE-2024-45313 affects Overleaf Server Pro when installed via the Overleaf Toolkit or legacy docker-compose deployments prior to mid-2024. By default, LaTeX compiles could access the sharelatex container resources (filesystem, network, environment variables) if security features were not...

5.4CVSS5.5AI score0.00341EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/09/02 4:54 p.m.16 views

CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit

Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...

5.4CVSS7.1AI score0.00341EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.550 views

Joomla API Improper Access Checks

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla API Improper Access Checks', 'Description' = %q Joomla versions between 4.0.0 and 4.2.7, inclusive, contain an improper API access...

5.3CVSS7.2AI score0.99827EPSS
Exploits43
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.276 views

SaltStack Salt Master Server Root Key Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...

9.8CVSS7.4AI score0.96405EPSS
Exploits25
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.238 views

ownCloud Phpinfo Reader

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ownCloud Phpinfo Reader', 'Description' = %q Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or...

10CVSS7AI score0.78428EPSS
Exploits5
OSV
OSV
added 2024/08/30 11:9 a.m.7 views

OESA-2024-2074 moby security update

Docker is a product for you to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an...

9.9CVSS6.7AI score0.16496EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/08/30 12:0 a.m.4 views

The vulnerability of the Relay Hosts Configuration function in the Docker-based deployment and email server management tool, mailcow:dockerized, allows a attacker to execute arbitrary code.

The vulnerability of the Relay Hosts Configuration function in the Docker-based deployment and email server management tool, mailcow:dockerized, is related to the lack of security measures for the website structure. Exploiting this vulnerability allows an attacker operating remotely to execute...

5.5CVSS5.8AI score0.00308EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/30 12:0 a.m.4 views

The vulnerability of the API journal of the deployment and email server management tool based on Docker container technology, mailcow:dockerized, allows a attacker to execute arbitrary code.

The vulnerability of the log function API of the deployment and email server management tool based on Docker container technology, mailcow:dockerized, is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

9CVSS5.9AI score0.00332EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/08/29 12:0 a.m.37 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)

The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-045 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body ...

10CVSS7AI score0.02983EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/08/29 12:0 a.m.49 views

Amazon Linux 2 : docker (ALASDOCKER-2024-044)

The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-044 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read...

10CVSS7AI score0.02983EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/08/29 12:0 a.m.10 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-046)

The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-046 advisory. When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial...

9.8CVSS7AI score0.01952EPSS
Exploits0References6
Amazon
Amazon
added 2024/08/29 12:0 a.m.3 views

Important: docker

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

10CVSS7AI score0.02983EPSS
Exploits0
Amazon
Amazon
added 2024/08/29 12:0 a.m.4 views

Medium: runc

Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 Affected Packages: runc Note: This advisory is applicable to Amazon Linu...

9.8CVSS7AI score0.01952EPSS
Exploits0
Amazon
Amazon
added 2024/08/29 12:0 a.m.3 views

Medium: docker

Issue Overview: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorizatio...

9.8CVSS6.8AI score0.01952EPSS
Exploits0
Amazon
Amazon
added 2024/08/29 12:0 a.m.5 views

Medium: docker

Issue Overview: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorizatio...

9.8CVSS6.8AI score0.01952EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/29 12:0 a.m.14 views

Amazon Linux 2 : docker (ALASDOCKER-2024-045)

The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-045 advisory. When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an...

9.8CVSS7AI score0.01952EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2024/08/26 9:7 a.m.240 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 POC & Lab For CVE-2021-41773 Setup Lab...

7.5CVSS8.3AI score0.99992EPSS
Exploits148
Rows per page
Query Builder