
9235 matches found

OpenVAS
added 2024/12/06 12:0 a.m., 14 views

SUSE: Security Advisory (SUSE-SU-2024:4204-1)

The remote host is missing an update for the...

CVSS 9.9, AI score 6.8, EPSS 0.16496
Exploits: 0, References: 9
SUSE Linux
added 2024/12/05 2:58 p.m., 5 views

Security update for docker-stable

This update for docker-stable fixes the following issues: Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. Update --add-runtime to point to correct binary path. Further merge docker and...

CVSS 9.9, AI score 7.2, EPSS 0.16496
Exploits: 0, References: 18
OSV
added 2024/12/05 2:58 p.m., 17 views

SUSE-SU-2024:4205-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Update --add-runtime to point to correct binary path. - Further merge docker a...

CVSS 9.9, AI score 9.8, EPSS 0.16496
Exploits: 0, References: 8
SUSE Linux
added 2024/12/05 2:57 p.m., 4 views

Security update for docker-stable

This update for docker-stable fixes the following issues: CVE-2024-41110: Fixed Authz zero length regression bsc1228324. Bug fixes: Allow users to disable SUSE secrets support by setting DOCKERSUSESECRETSENABLE=0 in /etc/sysconfig/docker bsc1231348. Import specfile changes for docker-buildx as we...

CVSS 9.9, AI score 6.4, EPSS 0.16496
Exploits: 0, References: 14
OSV
added 2024/12/05 2:57 p.m., 12 views

SUSE-SU-2024:4204-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - CVE-2024-41110: Fixed Authz zero length regression bsc1228324. Bug fixes: - Allow users to disable SUSE secrets support by setting DOCKERSUSESECRETSENABLE=0 in /etc/sysconfig/docker bsc1231348. - Import specfile changes for docker-buildx...

CVSS 9.9, AI score 9.7, EPSS 0.16496
Exploits: 0, References: 8
CBLMariner
added 2024/12/05 12:57 a.m., 12 views

CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2

CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2. A patched version of the package is available...

CVSS 7.5, AI score 6.7, EPSS 0.01262
Exploits: 0
GithubExploit
added 2024/12/03 1:9 p.m., 256 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

PoC Authentication Bypass MFA Really Simple Security WordPress...

CVSS 9.8, AI score 7, EPSS 0.81722
Exploits: 21
Trend Micro Simply Security
added 2024/12/03 12:0 a.m., 6 views

Gafgyt Malware Targeting Docker Remote API Servers

Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior...

AI score 7.2
Exploits: 0
Trend Micro Simply Security
added 2024/12/03 12:0 a.m., 6 views

Gafgyt Malware Broadens Its Scope in Recent Attacks

Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior...

AI score 7.2
Exploits: 0
BDU FSTEC
added 2024/12/02 12:0 a.m., 4 views

Vulnerability in the Docker-based registration system for incoming goods that allows attackers to escalate their privileges

The vulnerability in the Docker-based registration system for incoming goods involves deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 8.8, AI score 5.5, EPSS 0.00209
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2024/11/29 6:15 p.m., 5 views

AZL-53827 CVE-2024-36623 affecting package docker-cli for versions less than 25.0.3-3

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...

CVSS 8.1, AI score 7.4, EPSS 0.00641
Exploits: 0, References: 1
UbuntuCve
added 2024/11/29 6:15 p.m., 10 views

CVE-2024-36623

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...

CVSS 8.1, AI score 7.1, EPSS 0.00641
Exploits: 0, References: 3
UbuntuCve
added 2024/11/29 6:15 p.m., 10 views

CVE-2024-36621

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion...

CVSS 6.5, AI score 6.8, EPSS 0.00625
Exploits: 0, References: 3
GithubExploit
added 2024/11/27 11:19 a.m., 441 views

Exploit for Use of Hard-coded Credentials in Mariazevedo88 Travels-Java-Api

PoC Authentication Bypass MFA Really Simple Security WordPress...

CVSS 9.8, AI score 7.1, EPSS 0.81722
Exploits: 22
NVD
added 2024/11/26 7:15 p.m., 18 views

CVE-2024-53844

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

CVSS 6.3, EPSS 0.00399
Exploits: 0, References: 2
Cvelist
added 2024/11/26 6:37 p.m., 26 views

CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

CVSS 6.3, EPSS 0.00399
Exploits: 0, References: 2
Vulnrichment
added 2024/11/26 6:37 p.m., 9 views

CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

CVSS 6.3, AI score 7.3, EPSS 0.00399
Exploits: 0, References: 2
CVE
added 2024/11/26 6:37 p.m., 80 views

CVE-2024-53844

CVE-2024-53844 affects labsai/eddi (EDDI), a middleware for LLM API bots. The vulnerability is a path traversal in the backup export functionality, exploitable via the botFilename parameter in RestExportService.java. Input is not properly sanitized, allowing attackers to access arbitrary files in...

CVSS 6.3, AI score 6.5, EPSS 0.00399
Exploits: 0, References: 2
OSV
added 2024/11/26 6:37 p.m., 5 views

CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

CVSS 6.3, AI score 7.1, EPSS 0.00399
Exploits: 0, References: 4
GithubExploit
added 2024/11/23 5:54 a.m., 392 views

Exploit for CVE-2024-21534

Vulnerability Information: CVE-2024-21534 The jsonpath-plus...

CVSS 9.8, AI score 8, EPSS 0.09076
Exploits: 4