Lucene search
K

281 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/28 12:0 a.m.12 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan regression (USN-6851-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-2 advisory. USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl...

5.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2024/06/27 12:0 a.m.18 views

Ubuntu: Security Advisory (USN-6851-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.00264EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2024/06/26 1:45 p.m.356 views

USN-6851-1: Netplan vulnerabilities

Andreas Hasenack discovered that netplan incorrectly handled the permissions for netdev files containing wireguard configuration. An attacker could use this to obtain wireguard secret keys. It was discovered that netplan configuration could be manipulated into injecting arbitrary commands while...

6.5CVSS5.8AI score0.00264EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/06/11 7:48 p.m.24 views

Moderate: Red Hat Security Advisory: containernetworking-plugins security and bug fix update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5CVSS6.8AI score0.01165EPSS
Exploits0References2
OSV
OSV
added 2024/06/05 3:10 p.m.8 views

GO-2024-2737 IPv6 enabled on IPv4-only network interfaces in github.com/docker/docker

IPv6 enabled on IPv4-only network interfaces in github.com/docker/docker...

6.5CVSS4.9AI score0.00353EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/06/03 2:0 p.m.14 views

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan RAT on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for...

8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/28 9:19 p.m.33 views

dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...

5.3CVSS6.9AI score0.0071EPSS
Exploits0References13Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/27 5:17 p.m.18 views

CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the...

5.3CVSS7AI score0.0071EPSS
Exploits0References11
OSV
OSV
added 2024/05/27 5:17 p.m.24 views

CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the...

5.3CVSS5.4AI score0.0071EPSS
Exploits0References13
CVE
CVE
added 2024/05/27 5:17 p.m.68 views

CVE-2024-36105

CVE-2024-36105 affects dbt-core prior to 1.6.15, 1.7.15, and 1.8.1. The issue arises when the docs server binds to INADDR_ANY or IN6ADDR_ANY (0.0.0.0/::) instead of localhost, exposing the HTTP server on all network interfaces. This can enable unauthorized access from other hosts on the same netw...

5.3CVSS5.2AI score0.0071EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2024/05/23 3:5 a.m.3 views

SUSE CVE-2021-47259

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4initclient KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting...

7.8CVSS6.5AI score0.01109EPSS
Exploits0References7
OSV
OSV
added 2024/05/21 3:15 p.m.2 views

DEBIAN-CVE-2021-47259

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4initclient KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting...

7.5CVSS5.8AI score0.01109EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/26 12:0 a.m.37 views

Docker Engine 26.0.0 < 26.0.2 Unexpected Resource Exposure

The version of the Docker Engine installed on the remote host is 26.0.x prior to 26.0.2. It is therefore affected by an unexpected resource exposure vulnerability. In the affected versions of Moby, an open source container framework that is a key component of Docker Engine, Docker Desktop, and...

6.5CVSS5.9AI score0.00353EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/04/20 4:18 p.m.34 views

CVE-2024-32473

A flaw was found in Moby, an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling and runtimes. In certain versions, IPv6 is not disabled on network interfaces, including those belonging to networks where...

4.7CVSS6.7AI score0.00353EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/04/18 9:55 p.m.30 views

CVE-2024-32473 Moby IPv6 enabled on IPv4-only network interfaces

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...

4.7CVSS4.7AI score0.00353EPSS
Exploits0References2
OSV
OSV
added 2024/04/18 9:55 p.m.17 views

CVE-2024-32473 Moby IPv6 enabled on IPv4-only network interfaces

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...

4.7CVSS4.5AI score0.00353EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/04/18 9:55 p.m.19 views

CVE-2024-32473

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...

6.5CVSS4.3AI score0.00353EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/04/18 9:52 p.m.36 views

IPv6 enabled on IPv4-only network interfaces

In 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. Impact A container with an ipvlan or macvlan interface will normally be configured to share an external network link with the host machine. Because of this direct access, wi...

6.5CVSS6.9AI score0.00353EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.5 views

PT-2024-23582 · Unknown · Ros2 Galactic Geochelone

Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions 2 Description: An insecure deserialization vulnerability has been identified, allowing attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and...

7.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.5 views

PT-2024-23568 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions ROS VERSION 2 and ROS PYTHON VERSION 3 Description: An insecure deserialization issue allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components,...

8AI score
Exploits0References3
Rows per page
Query Builder