Lucene search
K

7 matches found

OSV
OSV
added 2024/05/20 8:36 p.m.21 views

CVE-2024-35192 Trivy possibly leaks registry credential when scanning images from malicious registries

Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry ECR, Google Cloud Artifact/Contain...

5.5CVSS5.2AI score0.0019EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 3:48 p.m.45 views

Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security...

9.8CVSS8AI score0.01613EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/15 12:0 a.m.32 views

Siemens SCALANCE LPE9403 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-41092)

A vulnerability was found in the Docker CLI where running 'docker login my-private-registry.example.com' with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...

7.5CVSS6.2AI score0.01536EPSS
Exploits0References4
Wallarm Lab
Wallarm Lab
added 2023/02/11 4:7 p.m.65 views

Octopus Strike! Three Argo CD API Exploits In Two Weeks

Argo CD is a popular Continuous Deployment tool that enables DevOps teams to manage their applications across multiple environments. However, in the past two weeks, three critical vulnerabilities have been detected in the tool, exposing sensitive information and compromising the security of the...

6.5CVSS8.1AI score0.00879EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.52 views

Oracle Linux 8 : curl (ELSA-2021-4511)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4511 advisory. - fix STARTTLS protocol injection via MITM CVE-2021-22947 - fix protocol downgrade required TLS bypass CVE-2021-22946 - fix TELNET stack contents...

7.5CVSS6.9AI score0.0627EPSS
Exploits8References4
ATTACKERKB
ATTACKERKB
added 2021/07/09 12:0 a.m.112 views

CVE-2021-30116

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

10CVSS9.2AI score0.85619EPSS
In wildExploits1References6
RedHat Linux
RedHat Linux
added 2019/06/11 3:32 p.m.150 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.3.2 security update

A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.4AI score0.87218EPSS
Exploits8References14
Rows per page
Query Builder