Lucene search
K

9292 matches found

Mageia
Mageia
added 2020/07/05 3:53 p.m.36 views

Updated docker packages fix security vulnerability

Updated docker packages fix security vulnerability: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a...

6CVSS2.6AI score0.02839EPSS
Exploits0References2
OSV
OSV
added 2020/07/05 3:53 p.m.6 views

MGASA-2020-0279 Updated docker packages fix security vulnerability

Updated docker packages fix security vulnerability: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a...

6CVSS5.9AI score0.02839EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2020/07/03 8:37 a.m.44 views

Exploit for Path Traversal in Bludit

Bludit Directory Traversal Vulnerability CVE-2019–16113 Blu...

8.8CVSS6.8AI score0.77962EPSS
Exploits16
Debian
Debian
added 2020/07/02 6:41 p.m.52 views

[SECURITY] [DSA 4716-1] docker.io security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4716-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 02, 2020 https://www.debian.org/security/faq -...

6CVSS6.1AI score0.02839EPSS
Exploits0
NVD
NVD
added 2020/07/02 5:15 p.m.25 views

CVE-2020-15080

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server...

5.3CVSS0.00941EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/02 5:15 p.m.4 views

CVE-2020-15080

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server...

5.3CVSS5.7AI score0.00941EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/07/02 4:45 p.m.23 views

CVE-2020-15080 Information disclosure in release archive in PrestaShop

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server...

5.3CVSS5.1AI score0.00941EPSS
Exploits0References2
CNVD
CNVD
added 2020/06/28 12:0 a.m.7 views

Docker Desktop Elevation of Privilege Vulnerability

Docker Desktop is an application for MacOS and Windows computers for building and sharing containerized applications and microservices. An elevation of privilege vulnerability exists in com.docker.vmnetd in Docker Desktop 2.3.0.3. The vulnerability stems from a lack of client-side authentication...

7.8CVSS6.8AI score0.00681EPSS
Exploits1References1
CNVD
CNVD
added 2020/06/28 12:0 a.m.8 views

Docker Resource Management Error Vulnerability (CNVD-2021-22843)

Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

8.8CVSS8.5AI score0.00323EPSS
Exploits0References1
OSV
OSV
added 2020/06/27 1:15 p.m.1 views

CVE-2020-15360

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification...

7.8CVSS7.1AI score0.00681EPSS
Exploits1References2
NVD
NVD
added 2020/06/27 1:15 p.m.15 views

CVE-2020-15360

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification...

7.8CVSS0.00681EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/06/27 1:15 p.m.46 views

CVE-2020-15360

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification...

7.8CVSS7.1AI score0.00681EPSS
Exploits1References3
Prion
Prion
added 2020/06/27 1:15 p.m.22 views

Design/Logic Flaw

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification...

4.6CVSS7.8AI score0.00681EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/06/27 12:7 p.m.16 views

CVE-2020-15360

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification...

7.8AI score0.00681EPSS
Exploits1References2
CVE
CVE
added 2020/06/27 12:7 p.m.59 views

CVE-2020-15360

The provided connected documents identify CVE-2020-15360 as an elevation of privilege in Docker Desktop 2.3.0.3 caused by com.docker.vmnetd due to a lack of client verification/authentication. Affected product/component: Docker Desktop (Windows/macOS) with the vmnetd helper. Impact: privilege esc...

7.8CVSS7.8AI score0.00681EPSS
Exploits1References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/27 9:38 a.m.41 views

Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Summary The vulnerabilities are related to Java, WebSphere Liberty and docker images used by IBM Cloud Pak for Automation ICP4A. More precisely these are in IBM® SDK Java™ Technology Edition, Version 8 disclosed as part of the IBM Java SDK updates in October 2019 and January 2020, and in WebSpher...

9.8CVSS1.4AI score0.14961EPSS
Exploits4Affected Software1
Gitee
Gitee
added 2020/06/26 4:35 p.m.3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository carvin0316/vulhub contains a collection of vulnerable environments based on Docker-Compose. The target product/service or framework is not explicitly stated, but the environments are designed to be...

7.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2020/06/26 1:0 p.m.23 views

This Week in Security News: XORDDoS and Kaiji Botnet Malware Variants Target Exposed Docker Servers and Ripple20 Vulnerabilities Could Impact Millions of IoT Devices

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about two recently detected variants of existing Linux botnet malware types targeting exposed Docker servers. Also, read about a group...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/06/25 10:42 a.m.29 views

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service DDoS attacks and mine cryptocurrencies...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/06/25 10:42 a.m.4 views

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service DDoS attacks and mine cryptocurrencies...

5.8AI score
Exploits0
Rows per page
Query Builder