Recent vulnerabilities and exploits

NA

cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569)....

NA

In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552)....

NA

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561)....

NA

cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566)....

NA

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485)....

NA

cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491)....

4.6

CVSSv2

Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than...

1 Github repository available

7.5

CVSSv2

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container....

6 Github repositories available

6.8

CVSSv2

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new...

3 Github repositories available

7.5

CVSSv2

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then...

20 Github repositories available5 Articles available

« PREV 1 2 3 4 5 6 7 8 NEXT »