9270 matches found

CNNVD
added 2023/11/06 12:0 a.m., 6 views

Docker Security Vulnerabilities

Docker is an open source application container engine from the American company Docker. The product supports the creation of a container lightweight virtual machine and the deployment and running of applications on Linux systems, as well as the automated installation, deployment, and upgrading of...

CVSS 6.5, AI score 6.7, EPSS 0.00899
Exploits: 1, References: 2

Tenable Nessus
added 2023/11/03 12:0 a.m., 31 views

Amazon Linux AMI : docker (ALAS-2023-1881)

The version of docker installed on the remote host is prior to 20.10.13-3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1881 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Tenable has extracted the preceding description block...

CVSS 7.5, AI score 6.9, EPSS 0.04561
Exploits: 0, References: 4

Amazon
added 2023/11/03 12:0 a.m., 59 views

Important: docker

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: docker Issue Correction: Run yum update docker or yum update --advisory ALAS-2023-1881 to update your system. New Packages: src: docker-20.10.13-3.amzn1.src x86_64: ...

CVSS 7.5, AI score 7.2, EPSS 0.04561
Exploits: 0

Tenable Nessus
added 2023/11/01 12:0 a.m., 111 views

Amazon Linux 2 : docker (ALASECS-2023-019)

The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-019 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly consider backticks...

CVSS 9.8, AI score 7.5, EPSS 0.04561
Exploits: 0, References: 12

Github Security Blog
added 2023/10/30 3:40 p.m., 28 views

Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

Description: The latest version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML...

CVSS 7.2, AI score 8.8, EPSS 0.01466
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2023/10/30 3:40 p.m., 47 views

GHSA-FJHG-96CP-6FCW Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

Description: The latest version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML...

CVSS 7.2, AI score 7.6, EPSS 0.01466
Exploits: 1, References: 4

The Hacker News
added 2023/10/30 10:56 a.m., 41 views

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities. "As a result of this, the threat actor associated with the campaign was able to...

AI score 7.2
Exploits: 0

GithubExploit
added 2023/10/25 5:10 p.m., 501 views

Exploit for CVE-2023-38646

CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...

CVSS 9.8, AI score 9.8, EPSS 0.97924
Exploits: 36

GithubExploit
added 2023/10/25 5:10 p.m., 457 views

Exploit for CVE-2023-38646

CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...

CVSS 9.8, AI score 9.8, EPSS 0.97924
Exploits: 36

Tenable Nessus
added 2023/10/24 12:0 a.m., 23 views

Amazon Linux 2023 : docker (ALAS2023-2023-397)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-397 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5, AI score 6.9, EPSS 0.03796
Exploits: 0, References: 4

Amazon
added 2023/10/24 12:0 a.m., 3 views

Important: docker

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: docker Issue Correction: Run dnf update docker...

CVSS 7.5, AI score 6.8, EPSS 0.03796
Exploits: 0

Veracode
added 2023/10/23 11:37 a.m., 17 views

Credential Hijacking

github.com/artifacthub/hub is vulnerable to Credential Hijacking. This vulnerability exists in the registryIsDockerHub function in oci.go because it does not properly check the domain registry in docker hub, which allows an attacker to deploy a fake OCI registry on a domain ending with docker.io,...

CVSS 6.3, AI score 6.7, EPSS 0.00206
Exploits: 0, References: 5, Affected Software: 1

Tenable Nessus
added 2023/10/23 12:0 a.m., 32 views

Ubuntu 16.04 ESM : runC vulnerabilities (USN-4867-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4867-1 advisory. It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory...

CVSS 8.5, AI score 7.1, EPSS 0.06604
Exploits: 1, References: 3

Tenable Nessus
added 2023/10/20 12:0 a.m., 32 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2023-030)

The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2023-030 advisory. http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly conside...

CVSS 9.8, AI score 7.5, EPSS 0.04561
Exploits: 0, References: 12

Tenable Nessus
added 2023/10/20 12:0 a.m., 28 views

Amazon Linux 2 : docker (ALASECS-2023-013)

The version of docker installed on the remote host is prior to 20.10.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-013 advisory. A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the...

CVSS 6.3, AI score 6.9, EPSS 0.00807
Exploits: 1, References: 4

Tenable Nessus
added 2023/10/20 12:0 a.m., 60 views

Amazon Linux 2 : docker (ALASDOCKER-2023-031)

The version of docker installed on the remote host is prior to 20.10.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2023-031 advisory. 2025-03-03: CVE-2023-29409 was added to this advisory. 2024-05-09: CVE-2022-41723 was added to this advisory...

CVSS 9.8, AI score 7.5, EPSS 0.04561
Exploits: 0, References: 12

Tenable Nessus
added 2023/10/20 12:0 a.m., 27 views

Amazon Linux 2 : docker (ALASECS-2023-015)

The version of docker installed on the remote host is prior to 20.10.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-015 advisory. A flaw was found in the userns-remap feature of Docker. The root user in the remapped namespace can modify files under...

CVSS 6.8, AI score 6.9, EPSS 0.03287
Exploits: 0, References: 6

Prion
added 2023/10/19 9:15 p.m., 13 views

Design/Logic Flaw

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...

CVSS 6.5, AI score 6.3, EPSS 0.00206
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2023/10/19 8:53 p.m., 16 views

CVE-2023-45821 Incorrect Docker Hub registry check in Artifact Hub

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...

CVSS 5.4, AI score 7, EPSS 0.00206
Exploits: 0, References: 2

Cvelist
added 2023/10/19 8:53 p.m., 38 views

CVE-2023-45821 Incorrect Docker Hub registry check in Artifact Hub

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...

CVSS 5.4, AI score 6.6, EPSS 0.00206
Exploits: 0, References: 2