Gcp_Scanner - A Comprehensive Scanner For Google Cloud

This is a GCP resource scanner that can help determine what level of access certain credentials possess on GCP. The scanner is designed to help security engineers evaluate the impact of a certain VM/container compromise, GCP service account or OAuth2 token key leak. Currently, the scanner support...

Security Bulletin: Postgresql JDBC drivers shipped with IBM Security Verify Access have a vulnerability (CVE-2022-41946)

Summary Postgresql JDBC as shipped with IBM Security Verify Access has addressed a vulnerability that could allow a local authenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to...

Sirius - First Truly Open-Source General Purpose Vulnerability Scanner

Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Sca...

Cisco IOx Application Hosting Environment Privilege Escalation (cisco-sa-rdocker-uATbukKn)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure that could allow an authenticated, remote attacker to access the underlying operating system ...

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

Command injection

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

CVE-2023-43069

Dell SmartFabric Storage Software versions 1.4 and earlier are affected by an OS command injection vulnerability in the CLI. An authenticated local attacker could potentially inject parameters to curl or docker, enabling arbitrary command execution. Impact includes possible compromise of confiden...

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

CVE-2023-20235

The CVE-2023-20235 issue affects Cisco IOS XE IOS IOx application hosting workflow. It arises because Docker containers using the privileged runtime option are not blocked when in development mode, enabling an authenticated, remote attacker to access the underlying operating system as root via th...

Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docke...

PT-2023-6047 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure could allow an authenticated, remote attacker to...

Pinkerton - An JavaScript File Crawler And Secret Finder Developed In Python

️️ Pinkerton is a Python tool created to crawl JavaScript files and search for secrets Installing / Getting started A quick guide of how to install and use Pinkerton. 1. Clone the repository with: git clone https://github.com/oppsec/pinkerton.git 2. Install the libraries with: pip3 install -r...

Code injection

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0...

CVE-2023-5165

CVE-2023-5165 affects Docker Desktop: versions 4.13.0 through 4.22.x are vulnerable to bypassing Enhanced Container Isolation (ECI) via the debug shell, allowing an unprivileged user to access restricted functionality. The root cause is exposure of the debug shell after startup, with access windo...

CVE-2023-5165 Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...

Amazon Linux 2023 : docker (ALAS2023-2023-345)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-345 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now...

Fedora: Security Advisory (FEDORA-2023-b9c1d0e4c5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: moby-engine-24.0.5-1.fc39

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...

Improper input validation leads to arbitrary file deletion

Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...