9275 matches found

Tenable Nessus
added 2023/09/15 12:0 a.m., 18 views

Docker Desktop < 4.6.0 Improper Link Resolution

The version of Docker Desktop for Windows is prior to 4.6.0. It is therefore affected by a vulnerability that allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Note that Nessus has not tested for this issue...

7.1 CVSS, 7 AI score, 0.00425 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2023/09/15 12:0 a.m., 86 views

Docker Desktop < 4.6.0 DirtyPipe

The version of Docker Desktop for Mac is prior to 4.6.0. It is therefore affected by CVE-2022-0847, AKA 'DirtyPipe', an issue that could enable attackers to modify files in container images on the host, from inside a container. A flaw was found in the way the 'flags' member of the new pipe buffer...

7.8 CVSS, 7.2 AI score, 0.88106 EPSS
Exploits: 100, References: 2

Tenable Nessus
added 2023/09/15 12:0 a.m., 35 views

Docker Desktop < 2.3.0.2 Privilege Escalation

The version of Docker Desktop for Windows is prior to 2.3.0.2. It is therefore affected by a privilege escalation vulnerability whereby if a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Servic...

7.8 CVSS, 7.1 AI score, 0.00935 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2023/09/15 12:0 a.m., 32 views

Docker Desktop < 4.5.0 Incorrect File Permissions

The version of Docker Desktop for Windows is prior to 4.5.0. It is therefore affected by a vulnerability that allows attackers to move arbitrary files. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.3 CVSS, 6.8 AI score, 0.00926 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2023/09/15 12:0 a.m., 53 views

Docker Desktop for Windows < 4.6.0 DirtyPipe

The version of Docker Desktop for Windows is prior to 4.6.0. It is therefore affected by CVE-2022-0847, AKA 'DirtyPipe', an issue that could enable attackers to modify files in container images on the host, from inside a container. A flaw was found in the way the 'flags' member of the new pipe...

7.8 CVSS, 7 AI score, 0.88106 EPSS
Exploits: 100, References: 2

Huntr
added 2023/09/13 9:58 p.m., 17 views

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...

6.8 AI score, 0.0073 EPSS
Exploits: 1

0day.today
added 2023/09/11 12:0 a.m., 362 views

Kibana Timelion Prototype Pollution Remote Code Execution Exploit

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the...

10 CVSS, 9.8 AI score, 0.95338 EPSS
Exploits: 12

Metasploit
added 2023/09/08 7:52 p.m., 1805 views

Prometheus Node Exporter And Windows Exporter Information Gather

This module connects to a Prometheus Node Exporter or Windows Exporter service and gathers information about the host. Tested against Docker image 1.6.1, Linux 1.6.1, and Windows 0.23.1 Module Options msf use auxiliary/gather/prometheusnodeexportergather msf auxiliaryprometheusnodeexportergather...

6.8 AI score
Exploits: 0

Github Security Blog
added 2023/09/08 12:19 p.m., 39 views

Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes

Impact: The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to t...

6.6 CVSS, 6.5 AI score, 0.00571 EPSS
Exploits: 0, References: 4, Affected Software: 5

Kitploit
added 2023/09/07 11:30 a.m., 44 views

DorXNG - Next Generation DorX. Built By Dorks, For Dorks

DorXNG is a modern solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a purpose built containerized image of SearXNG, a self-hosted, hackable, privacy focused, meta-search engine. Our SearXNG...

7.2 AI score
Exploits: 0, References: 6

Tenable Nessus
added 2023/09/07 12:0 a.m., 36 views

Oracle Linux 7 : docker-engine (ELSA-2019-4597)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4597 advisory. 18.03.1.ol-0.0.14 - rebuild 18.03.1.ol-0.0.13 - update for CVE-2018-20699 Tenable has extracted the preceding description block directly from the Oracle Linux...

4.9 CVSS, 5.9 AI score, 0.02231 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m., 29 views

Oracle Linux 7 : docker-engine / docker-cli (ELSA-2020-5728)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5728 advisory. - update to 19.03.11 for CVE-2020-13401 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 - update to 19.03.11 for CVE-2020-13401 - apply...

9.3 CVSS, 7 AI score, 0.9857 EPSS
Exploits: 33, References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m., 31 views

Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1650)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1650 advisory. - A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux...

7 CVSS, 7 AI score, 0.01849 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2023/09/07 12:0 a.m., 30 views

Oracle Linux 7 : docker-engine (ELSA-2019-4551)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4551 advisory. - update runc for CVE-2019-5736 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

9.3 CVSS, 7.1 AI score, 0.9857 EPSS
Exploits: 33, References: 3

Tenable Nessus
added 2023/09/07 12:0 a.m., 30 views

Oracle Linux 7 : docker-cli / docker-engine (ELSA-2020-5823)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5823 advisory. - Address CVE-2020-16845 - update to 19.03.11 for CVE-2020-13401 - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 - Address CVE-2020-16845 ...

9.3 CVSS, 7 AI score, 0.9857 EPSS
Exploits: 33, References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m., 16 views

Oracle Linux 7 : runc (ELSA-2019-4540)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-4540 advisory. - Apply patch for CVE-2019-5736 Wiekus Beukes - Resolves: 1412238 - CVE-2016-9962 - set init processes as non-dumpable, runc patch from Michael Crosby Tenable h...

9.3 CVSS, 7 AI score, 0.9857 EPSS
Exploits: 33, References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m., 26 views

Oracle Linux 7 : docker-engine (ELSA-2019-4550)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4550 advisory. - apply fix for runc CVE-2019-5736 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

9.3 CVSS, 7.1 AI score, 0.9857 EPSS
Exploits: 33, References: 3

Tenable Nessus
added 2023/09/07 12:0 a.m., 44 views

Oracle Linux 7 : docker-engine / docker-cli (ELSA-2019-4827)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4827 advisory. docker-engine 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 Tenable has extracted the preceding description block directly from the...

9.8 CVSS, 7.4 AI score, 0.18828 EPSS
Exploits: 4, References: 3

Tenable Nessus
added 2023/09/07 12:0 a.m., 8 views

Docker Desktop Installed (macOS)

Binary data dockerformacinstalled.nbin...

7 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2023/09/07 12:0 a.m., 38 views

Oracle Linux 7 : docker-engine (ELSA-2019-4813)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4813 advisory. 18.09.8-1.0.4 - Modified version to include ol suffix 18.09.8-1.0.3 - ol7 image related changes 18.09.8-1.0.2 - Merge upstream for CVE fixes. Tenable h...

8.4 CVSS, 6.8 AI score, 0.03653 EPSS
Exploits: 1, References: 3