9218 matches found

CVE
added 2025/03/20 10:8 a.m. · 53 views

CVE-2024-13060

CVE-2024-13060 affects AnythingLLM Docker 1.3.1 and earlier. Affected component: the user cookie handling (cookie parameter id) that determines which profile picture is loaded. Root cause: insufficient authorization checks allow users with Default permission to access other users’ profile picture...

4.3 CVSS · 4.4 AI score · 0.00453 EPSS
Exploits 1 · References 2 · Affected Software 1
Wolfi
added 2025/03/20 4:43 a.m. · 28 views

CVE-2025-0495 vulnerabilities

Vulnerabilities for packages: kubescape, docker-compose...

4.1 CVSS · 6.3 AI score · 0.0018 EPSS
Exploits 0
Wolfi
added 2025/03/20 4:43 a.m. · 10 views

GHSA-M4GQ-FM9H-8Q75 vulnerabilities

Vulnerabilities for packages: kubescape, docker-compose...

5.8 AI score
Exploits 0
Wolfi
added 2025/03/20 4:43 a.m. · 21 views

CVE-2024-40635 vulnerabilities

Vulnerabilities for packages: chartmuseum, datadog-agent, grype, kubescape, cilium-cli, trivy, docker-compose, kaniko, k8ssandra-client, flux-source-controller, k3s, syft, envoy-gateway, spegel, nerdctl, kubevela, rancher-fleet, cert-manager-cmctl, buildkitd, docker-cli-buildx, gatekeeper,...

7.8 CVSS · 5.8 AI score · 0.00275 EPSS
Exploits 1
Wolfi
added 2025/03/20 4:43 a.m. · 13 views

GHSA-265R-HFXG-FHMG vulnerabilities

Vulnerabilities for packages: chartmuseum, datadog-agent, grype, kubescape, cilium-cli, trivy, docker-compose, kaniko, k8ssandra-client, flux-source-controller, k3s, syft, envoy-gateway, spegel, nerdctl, kubevela, rancher-fleet, cert-manager-cmctl, buildkitd, docker-cli-buildx, gatekeeper,...

5.8 AI score
Exploits 0
Positive Technologies
added 2025/03/20 12:0 a.m. · 4 views

PT-2025-12191 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm version 1d9452da2b92. Description: A denial of service issue arises when uploading an audio file with a very low sample rate, causing the site instance to crash. This occurs due to the localWhisper implementation,...

6.5 CVSS · 6.4 AI score · 0.00702 EPSS
Exploits 1 · References 6
RedhatCVE
added 2025/03/19 7:40 p.m. · 10 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1 CVSS · 7.2 AI score · 0.0018 EPSS
Exploits 0 · References 1
Chainguard
added 2025/03/18 10:12 p.m. · 39 views

CVE-2025-0495 vulnerabilities

Vulnerabilities for packages: docker-compose-fips, kubescape, docker-compose...

4.1 CVSS · 6.3 AI score · 0.0018 EPSS
Exploits 0
Chainguard
added 2025/03/18 10:12 p.m. · 15 views

GHSA-M4GQ-FM9H-8Q75 vulnerabilities

Vulnerabilities for packages: docker-compose-fips, kubescape, docker-compose...

5.8 AI score
Exploits 0
UbuntuCve
added 2025/03/17 10:15 p.m. · 78 views

CVE-2024-40635

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...

7.8 CVSS · 6.7 AI score · 0.00275 EPSS
Exploits 1 · References 8
Snyk
added 2025/03/17 9:27 p.m. · 3 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of credentials being passed as parameter values when registering a new user via the OpenTelemetry endpoint. These values may be passed in a cache-to/cache-from configuration a...

5.9 CVSS · 4.5 AI score · 0.0018 EPSS
Exploits 0 · References 2
OSV
added 2025/03/17 8:15 p.m. · 10 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1 CVSS · 6.3 AI score
Exploits 0 · References 1
NVD
added 2025/03/17 8:15 p.m. · 11 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1 CVSS · 0.0018 EPSS
Exploits 0 · References 1
OSV
added 2025/03/17 8:15 p.m. · 6 views

AZL-58863 CVE-2025-0495 affecting package docker-buildx for versions less than 0.14.0-5

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1 CVSS · 7.1 AI score · 0.0018 EPSS
Exploits 0 · References 1
Cvelist
added 2025/03/17 7:21 p.m. · 13 views

CVE-2025-0495 Secrets leakage to telemetry endpoint via cache backend configuration via buildx

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1 CVSS · 0.0018 EPSS
Exploits 0 · References 1
CVE
added 2025/03/17 7:21 p.m. · 1142 views

CVE-2025-0495

CVE-2025-0495 affects docker-buildx/moby-buildx (Buildx) where credentials set as attribute values in cache-to/cache-from can be captured by OpenTelemetry traces and BuildKit history. Exploitation status is not detailed in the provided sources. The vulnerability does not apply to secrets passed v...

4.1 CVSS · 7 AI score · 0.0018 EPSS
Exploits 0 · References 1
Debian CVE
added 2025/03/17 7:21 p.m. · 8 views

CVE-2025-0495

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1 CVSS · 7.6 AI score · 0.0018 EPSS
Exploits 0
Positive Technologies
added 2025/03/17 12:0 a.m. · 10 views

PT-2025-11542 · Docker +4 · Buildx +4

Name of the Vulnerable Software and Affected Versions: Buildx versions affected versions not specified. Description: The issue concerns the Buildx Docker CLI plugin, which extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values ...

8.2 CVSS · 7.1 AI score · 0.00868 EPSS
Exploits 1 · References 53
OpenVAS
added 2025/03/17 12:0 a.m. · 14 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1242)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS · 6.3 AI score · 0.00641 EPSS
Exploits 0 · References 2
OpenVAS
added 2025/03/17 12:0 a.m. · 9 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1227)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS · 6.3 AI score · 0.00641 EPSS
Exploits 0 · References 2