9215 matches found
Security update for docker
This update for docker fixes the following issues: Update to Docker 27.5.1-ce bsc1237335: CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration bsc1234089. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
SUSE-SU-2025:0992-1 Security update for docker
This update for docker fixes the following issues: Update to Docker 27.5.1-ce bsc1237335: - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration bsc1234089...
CVE-2024-7771
A vulnerability in the Dockerized version of mintplex-labs/anything-llm latest, digest 1d9452da2b92 allows for a denial of service. Uploading an audio file with a very low sample rate causes the functionality responsible for transcribing it to crash the entire site instance. The issue arises from...
CVE-2024-13060
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-8060
OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...
CVE-2021-41089 vulnerabilities
Vulnerabilities for packages: docker...
GHSA-V994-F8VW-G7J4 vulnerabilities
Vulnerabilities for packages: docker...
GHSA-V994-F8VW-G7J4 vulnerabilities
Vulnerabilities for packages: docker...
CVE-2021-41089 vulnerabilities
Vulnerabilities for packages: docker...
Unintended Secret Exposure
github.com/docker/buildx is vulnerable to unintended secret exposure. The vulnerability is due to improper handling of sensitive data in OpenTelemetry traces and BuildKit daemon's history records, that allows an attacker to access sensitive secrets by extracting them...
GHSA-FF5C-56M7-VC75 Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions
OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...
Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions
OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...
CVE-2024-13060
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-8060 Remote Code Execution in OpenWebUI via Arbitrary File Upload
OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...
CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
CVE-2024-13060
CVE-2024-13060 affects AnythingLLM Docker 1.3.1 and earlier. Affected component: the user cookie handling (cookie parameter id) that determines which profile picture is loaded. Root cause: insufficient authorization checks allow users with Default permission to access other users’ profile picture...
CVE-2025-0495 vulnerabilities
Vulnerabilities for packages: kubescape, docker-compose...
GHSA-M4GQ-FM9H-8Q75 vulnerabilities
Vulnerabilities for packages: kubescape, docker-compose...