Spring Security Advisories
added 2023/11/14 12:00 a.m., 8 views

This Week in Spring - November 14th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...

AI score 7.1
Exploits 0
HackRead
added 2023/11/13 1:27 p.m., 29 views

OracleIV DDoS Botnet Malware Targets Docker Engine API Instances

By Waqas While OracleIV is not a supply chain attack, it highlights the ongoing threat of misconfigured Docker Engine API deployments. This is a post from HackRead.com Read the original post: OracleIV DDoS Botnet Malware Targets Docker Engine API Instances...

AI score 7.3
Exploits 0
GithubExploit
added 2023/11/12 11:34 p.m., 16 views

Exploit for Injection in Discourse

Table of contents ================= CVE-2023-47119cve...

CVSS 6.1, AI score 7.3, EPSS 0.00943
Exploits 1
Wolfi
added 2023/11/12 3:55 p.m., 38 views

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: kine, kubernetes, volume-modifier-for-k8s, kubevela, temporal-server, kubernetes-csi-external-resizer, k3s, buildkitd, kubescape, temporal, cri-tools, docker-compose, metrics-server, envoy-ratelimit...

AI score 5.8
Exploits 0
BDU FSTEC
added 2023/11/11 12:00 a.m., 5 views

The vulnerability of the automation tool for deploying and managing applications in Docker-enabled environments, related to improper permission storage, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the automation tool for deploying and managing applications in Docker-enabled environments is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

CVSS 6.3, AI score 6.6, EPSS 0.02693
Exploits 3, References 8, Affected Software 4
BDU FSTEC
added 2023/11/11 12:00 a.m., 4 views

The vulnerability of the replication function of Docker, a tool for automating the deployment and management of applications in containerized environments, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the replication function of Docker’s containerization and application deployment/management tools is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

CVSS 6.3, AI score 6.2, EPSS 0.0027
Exploits 0, References 10, Affected Software 4
Wolfi
added 2023/11/10 7:15 p.m., 86 views

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: kine, kubernetes, volume-modifier-for-k8s, kubevela, temporal-server, kubernetes-csi-external-resizer, k3s, buildkitd, kubescape, temporal, cri-tools, docker-compose, metrics-server, envoy-ratelimit...

CVSS 7.5, AI score 6.8, EPSS 0.01592
Exploits 0
OSV
added 2023/11/10 7:15 p.m., 7 views

AZL-35434 CVE-2023-47108 affecting package docker-buildx for versions less than 0.14.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

CVSS 7.5, AI score 6.8, EPSS 0.01592
Exploits 0, References 1
OSV
added 2023/11/10 7:15 p.m., 7 views

AZL-35440 CVE-2023-47108 affecting package docker-compose for versions less than 2.27.0-1

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

CVSS 7.5, AI score 6.7, EPSS 0.01592
Exploits 0, References 1
Fedora
added 2023/11/09 1:22 a.m., 15 views

[SECURITY] Fedora 39 Update: podman-4.7.2-1.fc39

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

AI score 7.7
Exploits 0
OpenVAS
added 2023/11/09 12:00 a.m., 21 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2023-3118)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.8, EPSS 0.27392
Exploits 4, References 2
Tenable Nessus
added 2023/11/09 12:00 a.m., 54 views

NewStart CGSL MAIN 6.06 : neod Multiple Vulnerabilities (NS-SA-2023-0142)

The remote NewStart CGSL host, running version MAIN 6.06, has neod packages installed that are affected by multiple vulnerabilities: - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfslinux.go incorrectl...

AI score 7, EPSS 0.27392
Exploits 6, References 15
NVD
added 2023/11/07 4:20 a.m., 15 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

CVSS 6.5, AI score 6.5, EPSS 0.00899
Exploits 1, References 3
OSV
added 2023/11/07 4:20 a.m., 14 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

CVSS 6.5, AI score 7
Exploits 0, References 3
ATTACKERKB
added 2023/11/07 4:20 a.m., 5 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

CVSS 6.5, AI score 5.8, EPSS 0.00899
Exploits 1, References 4
Prion
added 2023/11/07 4:20 a.m., 22 views

Sql injection

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

CVSS 4.3, AI score 7.2, EPSS 0.00899
Exploits 1, References 3, Affected Software 1
Tenable Nessus
added 2023/11/07 12:00 a.m., 25 views

Rocky Linux 8 : container-tools:3.0 (RLSA-2022:1793)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1793 advisory. - A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where...

CVSS 7.5, AI score 7.8, EPSS 0.01124
Exploits 0, References 5
AlmaLinux
added 2023/11/07 12:00 a.m., 75 views

Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 9.8, AI score 7.2, EPSS 0.04561
Exploits 1, References 24
Tenable Nessus
added 2023/11/07 12:00 a.m., 58 views

Fedora 39 : moby-engine (2023-b9c1d0e4c5)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b9c1d0e4c5 advisory. - Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix...

CVSS 8.7, AI score 6.6, EPSS 0.02733
Exploits 4, References 10
Tenable Nessus
added 2023/11/07 12:00 a.m., 21 views

Rocky Linux 8 : container-tools:3.0 (RLSA-2022:1565)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1565 advisory. - A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker...

CVSS 7.5, AI score 7.3, EPSS 0.01441
Exploits 0, References 6