
9264 matches found

Tenable Nessus
added 2024/02/20 12:0 a.m. | 24 views

SUSE SLES15: libopenvswitch-2_13-0 / libovn-20_03-0 / openvswitch / etc (SUSE-SU-2024:0526-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0526-1 advisory. - CVE-2024-22563: Fixed memory leak via the function xmalloc in /lib/util.c bsc1219059. Tenable has extracted the preceding description bloc...

7.5 CVSS | 7.1 AI score | 0.00568 EPSS
Exploits: 0 | References: 4

Amazon
added 2024/02/20 12:0 a.m. | 3 views

Low: containerd

Issue Overview: Containerd is not affected by CVE-2023-39325. While it contains the affected module, it does not use it in a way that exposes users to CVE-2023-39325. Affected Packages: containerd Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more...

7.5 CVSS | 6.9 AI score | 0.03796 EPSS
Exploits: 0

BDU FSTEC
added 2024/02/20 12:0 a.m. | 7 views

The vulnerability of the software protection tool for accessing applications in Docker environments. IBM Security Verify Access Docker, an access control system from IBM Security Verify Access, has a flaw related to improper restrictions on XML links to external objects. This allows attackers to carry out XXE attacks.

The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in the improper restriction on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

7.5 CVSS | 7.2 AI score | 0.00963 EPSS
Exploits: 1 | References: 4 | Affected Software: 2

OSV
added 2024/02/19 12:5 a.m. | 13 views

OSV-2024-117 Security exception in com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66745 Crash type: Security exception Crash state: com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer java.base/java.nio.charset.CharsetEncoder. java.base/sun.nio.cs.CESU8$Encoder...

7.1 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2024/02/16 12:0 a.m. | 11 views

FreeBSD : gitea -- Prevent anonymous container access (bd7592a1-cbfd-11ee-a42a-5404a6f3ca32)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd7592a1-cbfd-11ee-a42a-5404a6f3ca32 advisory. - Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...

5.6 AI score
Exploits: 0 | References: 2

Kitploit
added 2024/02/15 11:30 a.m. | 46 views

WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications

WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks. Done x Scan Static Files. Scan Metadata Of Public Documents pdf,doc,xls,ppt,docx,pptx,xlsx etc. Create a New Associated Wordlist with the Wordlist Given as a...

7.3 AI score
Exploits: 0 | References: 1

BDU FSTEC
added 2024/02/14 12:0 a.m. | 4 views

The vulnerability of the official interface for developing container applications in Plone Docker allows a hacker to gain access to modify or delete files.

The vulnerability of the official Plone Docker image for container applications lies in the absence of a mechanism to prevent unintended modifications to resources during request processing. Exploiting this vulnerability could allow an attacker to gain access to modify or delete files using PUT a...

5.5 CVSS | 7.2 AI score | 0.00602 EPSS
Exploits: 1 | References: 5

NVD
added 2024/02/13 7:15 p.m. | 12 views

CVE-2024-1355

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

9.1 CVSS | 9.5 AI score | 0.02363 EPSS
Exploits: 0 | References: 4

Prion
added 2024/02/13 7:15 p.m. | 21 views

Command injection

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

5.8 CVSS | 7.7 AI score | 0.02363 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/02/13 6:51 p.m. | 5 views

CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

9.1 CVSS | 7.7 AI score | 0.02363 EPSS
Exploits: 0 | References: 4

CVE
added 2024/02/13 6:51 p.m. | 93 views

CVE-2024-1355

CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...

9.1 CVSS | 9.4 AI score | 0.02363 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

IBM Security Bulletins
added 2024/02/09 8:4 p.m. | 82 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access

Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access updates. Vulnerability Details CVEID:CVE-2023-31003 DESCRIPTION: IBM Security Access Manager Container IBM Security Verify Access...

9.8 CVSS | 10 AI score | 0.01034 EPSS
Exploits: 1 | Affected Software: 1

Rapid7 Blog
added 2024/02/09 7:35 p.m. | 49 views

Metasploit Weekly Wrap-Up 02/09/2024

Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...

7.5 CVSS | 8.6 AI score | 0.95086 EPSS
Exploits: 13

Tenable Nessus
added 2024/02/09 12:0 a.m. | 157 views

Docker Desktop < 4.27.1 Multiple Vulnerabilities

The version of Docker Desktop for Windows is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacke...

10 CVSS | 6.9 AI score | 0.18087 EPSS
Exploits: 20 | References: 8

Tenable Nessus
added 2024/02/09 12:0 a.m. | 95 views

Docker Desktop < 4.27.1 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...

10 CVSS | 6.9 AI score | 0.18087 EPSS
Exploits: 20 | References: 8

Tenable Nessus
added 2024/02/09 12:0 a.m. | 89 views

Docker Desktop < 4.27.1 Multiple Vulnerabilities

The version of Docker Desktop for Mac is prior to 4.27.1. It is therefore affected by multiple vulnerabilities. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker...

10 CVSS | 6.9 AI score | 0.18087 EPSS
Exploits: 20 | References: 8

NVD
added 2024/02/08 9:15 p.m. | 18 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.5 CVSS | 7.7 AI score | 0.00602 EPSS
Exploits: 1 | References: 1

OSV
added 2024/02/08 9:15 p.m. | 36 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.5 CVSS | 7.3 AI score | 0.00602 EPSS
Exploits: 1 | References: 1

Prion
added 2024/02/08 9:15 p.m. | 18 views

Design/Logic Flaw

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

5 CVSS | 7.8 AI score | 0.00602 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

GithubExploit
added 2024/02/08 8:55 p.m. | 320 views

Exploit for Code Injection in Apache Commons_Text

Install maven - maven-linux https://www.digitalocean.com/c...

9.8 CVSS | 7.9 AI score | 0.99931 EPSS
Exploits: 41