
7 matches found

Tenable Nessus
added 2023/07/14 12:0 a.m., 34 views

Amazon Linux 2 : containerd (ALASECS-2023-002)

The version of containerd installed on the remote host is prior to 1.6.19-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-002 advisory. containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can...

CVSS 7.8, AI score 7.2, EPSS 0.00259
Exploits: 1, References: 8
Tenable Nessus
added 2023/04/04 12:0 a.m., 108 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-156)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-156 advisory. containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched...

CVSS 7.8, AI score 7.2, EPSS 0.00259
Exploits: 1, References: 8
OSV
added 2023/02/16 2:9 p.m., 30 views

CVE-2023-25173 containerd supplementary groups are not set up properly

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...

CVSS 5.3, AI score 6.8, EPSS 0.00023
Exploits: 1, References: 14
Prion
added 2022/04/13 9:15 p.m., 13 views

Deserialization of untrusted data

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

CVSS 7.5, AI score 7.2, EPSS 0.08237
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/04/13 8:55 p.m., 14 views

CVE-2022-24818 Unchecked JNDI lookups in GeoTools

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

CVSS 8.2, AI score 8.6, EPSS 0.08237
Exploits: 0, References: 2
CNNVD
added 2021/05/14 12:0 a.m., 2 views

handlebars code injection vulnerability

handlebars is a semanticized web template system. A code injection vulnerability exists in Express-handlebars, where a layout parameter may trigger a file disclosure vulnerability in a downstream application...

CVSS 8.6, AI score 7.3, EPSS 0.86122
Exploits: 1, References: 8
CNNVD
added 2020/12/14 12:0 a.m., 4 views

Google Go encoding security vulnerability

Google Go encoding is a code library from Google Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in the Go encoding/xml package that stems from not properly preserving the semantics of attribute namespace prefixes during tokenizatio...

CVSS 9.8, AI score 6.9, EPSS 0.00187
Exploits: 0, References: 4