9264 matches found

GithubExploit
added 2023/12/28 11:36 a.m. | 724 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

Proof Of Concept of SSRF on Request-Baskets CVE-2023-27163...

6.5 CVSS | 6.3 AI score | 0.07497 EPSS
Exploits 29

Tenable Nessus
added 2023/12/27 12:0 a.m. | 32 views

NewStart CGSL MAIN 5.04 : docker-ce Vulnerability (NS-SA-2023-0109)

The remote NewStart CGSL host, running version MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up...

6.3 CVSS | 7.2 AI score | 0.00807 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/12/27 12:0 a.m. | 33 views

NewStart CGSL MAIN 6.06 : docker-ce Multiple Vulnerabilities (NS-SA-2023-0095)

The remote NewStart CGSL host, running version MAIN 6.06, has docker-ce packages installed that are affected by multiple vulnerabilities: - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is...

9.8 CVSS | 7.6 AI score | 0.08359 EPSS
Exploits 1 | References 5

IBM Security Bulletins
added 2023/12/25 10:14 a.m. | 34 views

Security Bulletin: Multiple Multiple Vulnerabilities in Docker affect Cloud Pak System [CVE-2023-28840, CVE-2023-28841, CVE-2023-28842]

Summary Vulnerabilities were identified within Docker shipped as pattern type pType component with Cloud Pak System Software. IBM Cloud Pak System Software addressed these vulnerabilities CVE-2023-28840, CVE-2023-28841, CVE-2023-28842. Vulnerability Details CVEID:CVE-2023-28840 DESCRIPTION: Moby ...

8.7 CVSS | 8.4 AI score | 0.02733 EPSS
Exploits 2 | Affected Software 1

Gitee
added 2023/12/22 10:2 p.m. | 4 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

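GUI version of the open-source tool SpringBoot-Scan; if it is useful to you, please give it a Star, haha. Note: this tool bundles exploits for the relevant vulnerabilities, so antivirus detections are normal! Running the new version of the tool: python3 main.py. Setting up the VulHub vulnerability test environment: git clone https://github.com/vulhub/vulhub.git. Install the Docker environment: sudo apt-get install docker.io sudo apt install docker-compose. Set up CVE-2022-22965: cd /vulhub/CVE-2022-22965 sudo...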

10 CVSS | 8.3 AI score | 0.99939 EPSS
Exploits 181

OpenVAS
added 2023/12/21 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2023:4936-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5 CVSS | 7.1 AI score | 0.00462 EPSS
Exploits 0 | References 14

Tenable Nessus
added 2023/12/21 12:0 a.m. | 32 views

SUSE SLES15: docker / docker-bash-completion / docker-fish-completion / etc (SUSE-SU-2023:4936-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4936-1 advisory. docker: - Update to Docker 24.0.7-ce. See upstream changelog online at...

5.5 CVSS | 6.7 AI score | 0.00462 EPSS
Exploits 0 | References 15

OSV
added 2023/12/20 4:18 p.m. | 8 views

SUSE-SU-2023:4936-1 Security update for docker, rootlesskit

This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/2407. bsc1217513 Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc1170415...

5.5 CVSS | 6.7 AI score | 0.00462 EPSS
Exploits 0 | References 12

GithubExploit
added 2023/12/20 8:46 a.m. | 399 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 : Apache Struts 2 vulnerable Docker container...

9.8 CVSS | 10 AI score | 0.80819 EPSS
Exploits 15

OSV
added 2023/12/18 4:15 p.m. | 8 views

AZL-35435 CVE-2023-48795 affecting package docker-buildx for versions less than 0.14.0-1

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS | 6.7 AI score | 0.93305 EPSS
Exploits 4 | References 1

OpenVAS
added 2023/12/18 12:0 a.m. | 37 views

Mageia: Security Advisory (MGASA-2023-0349)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 6.8 AI score | 0.27069 EPSS
Exploits 0 | References 4

Mageia
added 2023/12/17 10:40 p.m. | 50 views

Updated golang packages fix security vulnerabilities

Update to upstream golang 1.21.5 to fix CVE-2023-39326 and CVE-2023-452835 In Mageia 8, this update also allows build nodes to build docker stack...

7.5 CVSS | 6.7 AI score | 0.02758 EPSS
Exploits 0 | References 2

OSV
added 2023/12/17 10:40 p.m. | 6 views

MGASA-2023-0349 Updated golang packages fix security vulnerabilities

Update to upstream golang 1.21.5 to fix CVE-2023-39326 and CVE-2023-452835 In Mageia 8, this update also allows build nodes to build docker stack...

7.5 CVSS | 6.8 AI score | 0.02758 EPSS
Exploits 0 | References 3

GithubExploit
added 2023/12/15 3:38 a.m. | 163 views

Exploit for Incorrect Authorization in Polkit_Project Polkit

CVE-2021-3560-Polkit-Privilege-Escalation by Mark, Qingchen Yu...

7.8 CVSS | 8.4 AI score | 0.22193 EPSS
Exploits 37

GithubExploit
added 2023/12/14 9:32 a.m. | 657 views

Exploit for Code Injection in Apache Ofbiz

ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For C...

9.8 CVSS | 9.5 AI score | 0.95442 EPSS
Exploits 11

IBM Security Bulletins
added 2023/12/13 5:48 p.m. | 60 views

Security Bulletin: IBM Security Verify Access is vulnerable to Rapid Reset attacks if HTTP2 is enabled (CVE-2023-44487)

Summary The Webseal component of IBM Security Verify Access product is vulnerable to CVE-2023-44487, a flaw in handling multiplexed streams in the HTTP/2 protocol. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in...

7.5 CVSS | 7.8 AI score | 0.99999 EPSS
Exploits 19 | Affected Software 1

IBM Security Bulletins
added 2023/12/11 6:42 p.m. | 27 views

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

Summary Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOK...

6.5 CVSS | 7.1 AI score | 0.00556 EPSS
Exploits 1 | Affected Software 1

Veracode
added 2023/12/11 7:21 a.m. | 15 views

Security Misconfiguration

dockerspawner is vulnerable to Security Misconfiguration. The vulnerability is due to overly permissible pull container image configuration. An attacker can launch any pullable image as a result of this vulnerability...

8 CVSS | 6.7 AI score | 0.00633 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2023/12/08 8:8 p.m. | 30 views

CVE-2023-48311 Any image allowed by default

dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowed_images configuration allow users to launch any pullable docker image, instead of restricting to...

8 CVSS | 7.9 AI score | 0.00633 EPSS
Exploits 0 | References 2

CVE
added 2023/12/08 8:8 p.m. | 54 views

CVE-2023-48311

CVE-2023-48311 affects dockerspawner for JupyterHub deployments. Versions 0.11.0 through 12 (and up to 13 in some advisories) permit users to launch any pullable Docker image when DockerSpawner.allowed_images is not explicitly restricted, instead of only the configured image. Root cause: misconfi...

8 CVSS | 5.8 AI score | 0.00633 EPSS
Exploits 0 | References 2 | Affected Software 1