CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5460 matches found

OSV•added 2023/04/04 9:12 p.m.•26 views

CVE-2023-28841 moby/moby's dockerd daemon encrypted overlay network traffic may be unencrypted

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

6.8CVSS6.9AI score0.00696EPSS

Exploits1References13

CVE•added 2023/04/04 9:12 p.m.•697 views

CVE-2023-28841

CVE-2023-28841 describes a vulnerability in Moby/Docker Swarm encrypted overlay networks where, on affected platforms, encrypted overlay traffic can silently transmit unencrypted data due to how IPSec/VXLAN are enforced via iptables rules (using the xt_u32 module and VNI filtering). This can allo...

6.8CVSS7.4AI score0.00696EPSS

Exploits1References11Affected Software1

Debian CVE•added 2023/04/04 9:12 p.m.•30 views

CVE-2023-28841

6.8CVSS6.8AI score0.00696EPSS

Exploits1

Github Security Blog•added 2023/04/04 9:11 p.m.•36 views

Docker Swarm encrypted overlay network with a single endpoint is unauthenticated

6.8CVSS7AI score0.0144EPSS

Exploits0References7Affected Software1

OSV•added 2023/04/04 9:11 p.m.•46 views

GHSA-6WRF-MXFJ-PF5P Docker Swarm encrypted overlay network with a single endpoint is unauthenticated

6.8CVSS7.8AI score0.02733EPSS

Exploits2References7

Vulnrichment•added 2023/04/04 9:7 p.m.•4 views

CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated

6.8CVSS7.5AI score0.0144EPSS

Exploits0References8

CVE•added 2023/04/04 9:7 p.m.•742 views

CVE-2023-28842

CVE-2023-28842 affects Moby/dockerd, specifically Swarm overlay with encrypted VXLAN: an endpoint on an encrypted overlay can be unauthenticated, allowing cleartext VXLAN traffic to be injected or leaked under certain conditions. The issue stems from how iptables rules and IPsec handling are appl...

6.8CVSS7.6AI score0.0144EPSS

Exploits0References8Affected Software1

Debian CVE•added 2023/04/04 9:7 p.m.•32 views

CVE-2023-28842

6.8CVSS7AI score0.0144EPSS

Exploits0

OSV•added 2023/04/04 9:7 p.m.•41 views

CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated

6.8CVSS7.2AI score0.0144EPSS

Exploits0References10

NVD•added 2023/04/04 1:15 p.m.•18 views

CVE-2023-28998

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new...

6.7CVSS6.5AI score0.00679EPSS

Exploits1References3

OSV•added 2023/04/04 1:15 p.m.•2 views

DEBIAN-CVE-2023-28998

6.1CVSS6.3AI score0.00679EPSS

Exploits1References1

OSV•added 2023/04/04 1:15 p.m.•1 views

DEBIAN-CVE-2023-28997

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5...

6.5CVSS6.3AI score0.01113EPSS

Exploits1References1

UbuntuCve•added 2023/04/04 1:15 p.m.•21 views

CVE-2023-28998

6.7CVSS6.6AI score0.00679EPSS

Exploits1References4

OSV•added 2023/04/04 1:15 p.m.•1 views

UBUNTU-CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...

6.9CVSS5.8AI score0.00678EPSS

Exploits1References5

OSV•added 2023/04/04 1:15 p.m.•1 views

UBUNTU-CVE-2023-28997

6.7CVSS5.8AI score0.01113EPSS

Exploits1References5

OSV•added 2023/04/04 1:15 p.m.•1 views

UBUNTU-CVE-2023-28998

6.7CVSS6.6AI score0.00679EPSS

Exploits1References5

Debian CVE•added 2023/04/04 12:45 p.m.•25 views

CVE-2023-28998

6.7CVSS6.3AI score0.00679EPSS

Exploits1

Positive Technologies•added 2023/04/04 12:0 a.m.•4 views

PT-2023-22075 · Nextcloud +2 · Nextcloud Android App +4

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions 3.0.0 through 3.8.0 Nextcloud Android app versions 3.13.0 through 3.25.0 Nextcloud iOS app versions 3.0.5 through 4.8.0 Description: A malicious server administrator can gain full access to an end-to-end...

8.8CVSS6AI score0.04698EPSS

Exploits10References38

CNNVD•added 2023/04/04 12:0 a.m.•4 views

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Desktop Client version 3.0.0 through versions prior to 3.6.5. An attacker could exploit the vulnerability to...

6.7CVSS6.4AI score0.01113EPSS

Exploits1References4

Positive Technologies•added 2023/04/04 12:0 a.m.•3 views

PT-2023-22073 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions 3.0.0 through 3.6.4 Description: The issue allows a malicious server administrator to recover and modify the contents of end-to-end encrypted files. This is a significant concern for users who rely on the...

8.8CVSS5.9AI score0.04698EPSS

Exploits10References37

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by