7 matches found
CVE-2024-35192 Trivy possibly leaks registry credential when scanning images from malicious registries
Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Contain...
Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security...
Siemens SCALANCE LPE9403 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-41092)
A vulnerability was found in the Docker CLI where running 'docker login my-private-registry.example.com' with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...
Octopus Strike! Three Argo CD API Exploits In Two Weeks
Argo CD is a popular Continuous Deployment tool that enables DevOps teams to manage their applications across multiple environments. However, in the past two weeks, three critical vulnerabilities have been detected in the tool, exposing sensitive information and compromising the security of the...
Oracle Linux 8 : curl (ELSA-2021-4511)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4511 advisory. - fix STARTTLS protocol injection via MITM CVE-2021-22947 - fix protocol downgrade required TLS bypass CVE-2021-22946 - fix TELNET stack contents...
CVE-2021-30116
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.3.2 security update
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...