Lucene search
+L

360 matches found

The Hacker News
The Hacker News
added 2019/09/18 2:11 p.m.2 views

IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador's History

Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history. Personal records of more th...

6.6AI score
Exploits0
Veracode
Veracode
added 2019/07/10 11:8 a.m.13 views

Man-in-the-Middle (MitM)

Kubevirt/virt-cdi-importer is vulnerable to man-in-the-middle attacks. A remote unauthenticated attacker could exploit in the TLS Certificate Validation component since it disables TLS certificate validation when importing data into PVCs from container registries, allowing attackers to sniff or...

7.4CVSS6.5AI score0.00531EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.33 views

openSUSE Security Update : singularity (openSUSE-2019-811)

Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed : - CVE-2018-12021: Fixed access control on systems supporting overlay file system boo1100333. Highlights of 2.6.0 : - Allow admin to specify a non-standard location for mksquashfs bina...

6.8CVSS6.8AI score0.01596EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.34 views

openSUSE Security Update : containerd / docker and go (openSUSE-2019-1044)

This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support fate325877 - Update to...

9.3CVSS7AI score0.66252EPSS
Exploits1References26
Prion
Prion
added 2019/03/25 6:29 p.m.16 views

Input validation

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...

4.9CVSS6.5AI score0.00531EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/03/25 6:29 p.m.15 views

CVE-2019-3841

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...

6.8CVSS6.7AI score0.00531EPSS
Exploits1References2
CVE
CVE
added 2019/03/25 5:3 p.m.52 views

CVE-2019-3841

Kubevirt/virt-cdi-importer, versions 1.4.0–1.5.3, were reported to disable TLS certificate validation when importing data into PVCs from container registries, enabling potential man-in-the-middle attacks that could tamper with trusted container image content. The affected component is the virt-cd...

7.4CVSS6.4AI score0.00531EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/03/25 5:3 p.m.21 views

CVE-2019-3841

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...

7.4CVSS7.3AI score0.00531EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2019/03/01 9:19 a.m.30 views

CVE-2019-3841

Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible...

7.4CVSS4.5AI score0.00531EPSS
Exploits1References3
Veracode
Veracode
added 2019/01/15 9:22 a.m.26 views

Authorization Bypass

atomic-openshift is vulnerable to authorization bypass attacks. The vulnerability exists as the OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from...

5.3CVSS5.5AI score0.00991EPSS
Exploits0References316Affected Software174
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.33 views

SUSE SLED15 / SLES15 Security Update : containerd, docker / go (SUSE-SU-2018:4297-1)

This update for containerd, docker and go fixes the following issues : containerd and docker : Add backport for building containerd bsc1102522, bsc1113313 Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 Enable seccomp support on SLE12 fate325877 Update to...

9.3CVSS7.1AI score0.66252EPSS
Exploits1References30
Tenable Nessus
Tenable Nessus
added 2018/12/31 12:0 a.m.56 views

openSUSE Security Update : containerd / docker and go (openSUSE-2018-1626)

This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support fate325877 - Update to...

9.3CVSS7AI score0.66252EPSS
Exploits1References26
OPENSUSE Linux
OPENSUSE Linux
added 2018/12/29 3:14 p.m.61 views

Security update for containerd, docker and go (important)

This update for containerd, docker and go fixes the following issues: containerd and docker: - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support fate325877 - Update to container...

9.3CVSS0.6AI score0.66252EPSS
Exploits1References21
The Hacker News
The Hacker News
added 2018/07/20 12:26 p.m.50 views

Singapore's Largest Healthcare Group Hacked, 1.5 Million Patient Records Stolen

Singapore's largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018. SingHealth is the largest healthcare group in Singapore with 2 tertiary...

0.7AI score
Exploits0
NVD
NVD
added 2018/07/16 8:29 p.m.36 views

CVE-2017-15137

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed...

5.3CVSS4.9AI score0.00991EPSS
Exploits0References2
OSV
OSV
added 2018/07/16 8:29 p.m.30 views

CVE-2017-15137

The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed...

5.3CVSS7AI score0.00991EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2017/09/29 11:0 a.m.16 views

ICANN Postpones Scheduled DNS Crypto Key Rollover

ICANN, the overseer of the Internet’s namespace, announced this week that it was postponing a scheduled change to the cryptographic key that protects the Domain Name System. ICANN said in a statement that the change was to occur on Oct. 11, but new data indicates that a “significant number” of...

0.3AI score
Exploits0References2
OpenVAS
OpenVAS
added 2011/06/01 12:0 a.m.13 views

Nmap NSE net: whois

Queries the WHOIS services of Regional Internet Registries RIR and attempts to retrieve information about the IP Address Assignment which contains the Target IP Address. In using this script your IP address will be sent to iana.org. Additionally your address and the address of the target of the...

0.2AI score
Exploits0
OpenVAS
OpenVAS
added 2010/12/27 12:0 a.m.18 views

Nmap NSE: WHOIS

This script queries the WHOIS services of Regional Internet Registries RIR and attempts to retrieve information about the IP Address Assignment which contains the Target IP Address. This is a wrapper on the Nmap Security Scanner's http://nmap.org whois.nse. OpenVAS Vulnerability Test $Id:...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2009/12/21 6:4 p.m.9 views

Attackers Buying Own Data Centers for Botnets, Spam

The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the...

7AI score
Exploits0References3
Rows per page
Query Builder