9235 matches found
CVE-2024-45497
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...
CVE-2024-45497 Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...
CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2
CVE-2024-45337 affecting package docker-buildx for versions less than 0.14.0-2. A patched version of the package is available...
Vulnerability in IBM Security Verify Access Docker, software for protecting access to applications in Docker environments, related to errors in privilege management, which allows attackers to elevate their privileges.
The vulnerability in the application access protection software for Docker environments is related to errors in privilege management. Exploiting this vulnerability can allow attackers to elevate their privileges...
SUSE SLES15 / openSUSE 15 : Recommended update for docker-stable (SUSE-SU-SUSE-RU-2024:4391-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2024:4391-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last...
SUSE-RU-2024:4391-1 Recommended update for docker-stable
This update for docker-stable fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Dock...
Exploit for Cross-site Scripting in Melapress Wp_Activity_Log
CVE-2024-10793 PoC Add these lines to your hosts file:...
CVE-2024-35141
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges...
CVE-2024-35141 IBM Security Verify Access privilege escalation
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges...
IBM Security Verify Access Docker security vulnerability
IBM Security Verify Access Docker is a service from International Business Machines IBM that can be used to configure a Security Verify Access environment for Docker. A security vulnerability exists in IBM Security Verify Access Docker versions 10.0.0 through 10.0.6, which stems from a...
docker-27.4.1_ce-12.1 on GA media (moderate)
docker-27.4.1_ce-12.1 on GA media Announcement ID: openSUSE-SU-2024:14597-1 Rating: moderate Cross-References: CVE-2024-29018 CVSS scores: CVE-2024-29018 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2024-29018 SUSE : 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:...
GHSA-W32M-9786-JP63 vulnerabilities
Vulnerabilities for packages: cloud-provider-aws, ollama, crossplane-provider-aws-dynamodb, dagdotdev, dataplaneapi, kubeadm-bootstrap-controller, nri-kafka, falcoctl, timestamp-authority, descheduler, multus-cni, pulumi-language-java, dagger, nsc, promxy, flyte, crossplane-provider-family-azure,...
AZL-54404 CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54446 CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
CVE-2024-45338 vulnerabilities
Vulnerabilities for packages: cloud-provider-aws, ollama, crossplane-provider-aws-dynamodb, dagdotdev, dataplaneapi, kubeadm-bootstrap-controller, nri-kafka, falcoctl, timestamp-authority, descheduler, multus-cni, pulumi-language-java, dagger, nsc, promxy, flyte, crossplane-provider-family-azure,...
CVE-2024-45338 vulnerabilities
Vulnerabilities for packages: bom, ko-fips, tigera-operator, linkerd2, kubernetes-csi-livenessprobe, aws-ebs-csi-driver, kube-oidc-proxy, kuberay-operator-fips, kbld-fips, nerdctl, sqlexporter, helm-operator, hugo-fips, sftpgo-plugin-geoipfilter, falcosidekick-fips, aws-efs-csi-driver-fips,...
OPENSUSE-SU-2024:14598-1 docker-stable-24.0.9_ce-6.1 on GA media
These are all security issues fixed in the docker-stable-24.0.9_ce-6.1 package on the GA media of openSUSE Tumbleweed...
PT-2024-36564 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.43 Description: Kanboard is project management software that focuses on the Kanban methodology. In affected versions, sessions are still usable even though their lifetime has exceeded. Kanboard implements a cust...