9235 matches found

Tenable Nessus
added 2024/11/08 12:0 a.m., 11 views

EulerOS 2.0 SP9 : docker-runc (EulerOS-SA-2024-2810)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and...

CVSS 3.6, AI score 6.7, EPSS 0.00317
Exploits 0, References 2

Tenable Nessus
added 2024/11/08 12:0 a.m., 8 views

EulerOS 2.0 SP10 : docker-runc (EulerOS-SA-2024-2902)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and...

CVSS 3.6, AI score 6.6, EPSS 0.00317
Exploits 0, References 2

GithubExploit
added 2024/11/07 1:6 p.m., 1022 views

Exploit for Deserialization of Untrusted Data in Alibaba Fastjson

CVE-2022-25845-In-Spring Main dependencies: 1. jackson 2. commons-io Quick...

CVSS 9.8, AI score 9.1, EPSS 0.17767
Exploits 5

GithubExploit
added 2024/11/07 3:28 a.m., 504 views

Exploit for CVE-2023-6553

CVE-2023-6553 Exploit Development for CVE-2023-6553 on Backup...

CVSS 9.8, AI score 9.8, EPSS 0.97846
Exploits 14

OpenVAS
added 2024/11/04 12:0 a.m., 11 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2797)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.9, AI score 7.5, EPSS 0.16496
Exploits 0, References 2

OpenVAS
added 2024/11/04 12:0 a.m., 16 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2785)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.9, AI score 7.5, EPSS 0.16496
Exploits 0, References 2

Tenable Nessus
added 2024/11/04 12:0 a.m., 12 views

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-2797)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain...

CVSS 9.9, AI score 7.4, EPSS 0.16496
Exploits 0, References 2

Tenable Nessus
added 2024/11/04 12:0 a.m., 19 views

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-2785)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain...

CVSS 9.9, AI score 7.4, EPSS 0.16496
Exploits 0, References 2

SUSE CVE
added 2024/11/02 3:49 a.m., 1 views

SUSE CVE-2024-47832

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...

CVSS 9.8, AI score 7, EPSS 0.00387
Exploits 0, References 5

OPENSUSE Linux
added 2024/11/02 12:0 a.m., 6 views

docker-stable-24.0.9_ce-1.1 on GA media (moderate)

docker-stable-24.0.9_ce-1.1 on GA media Announcement ID: openSUSE-SU-2024:14446-1 Rating: moderate Cross-References: CVE-2024-41110 CVSS scores: CVE-2024-41110 SUSE : 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

CVSS 9.9, AI score 8, EPSS 0.16496
Exploits 0

OSV
added 2024/11/01 12:0 a.m., 6 views

OPENSUSE-SU-2024:14446-1 docker-stable-24.0.9_ce-1.1 on GA media

These are all security issues fixed in the docker-stable-24.0.9_ce-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.9, AI score 9.9, EPSS 0.16496
Exploits 0, References 2

BDU FSTEC
added 2024/10/30 12:0 a.m., 4 views

The vulnerability of the Docker Integration component of the Warp terminal emulator allows a hacker to execute arbitrary code.

The vulnerability of the Docker Integration component of the Warp terminal emulator is related to incorrect code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created link...

CVSS 6.6, AI score 6, EPSS 0.012
Exploits 1, References 6, Affected Software 1

Gitee
added 2024/10/29 4:5 p.m., 233 views

Exploit for Injection in Oracle Agile_Plm

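Research on the log4j2 CVE-2021-44228 vulnerability. Lab platform - VirtualBox 7.0.12 r159484 Qt5.15.2 - Attacker kali - Network address translation (NAT) - host-only network 192.168.56.101 - Victim kali 2023.3 - Network address translation (NAT) - host-only network 192.168.56.112 Lab tasks - [x] Set up the lab platform - [x] Verify that the vulnerability exists, using log4j2 CVE-2021-44228 as the example - [x] Verify that the vulnerability is exploitable, using log4j2 CVE-2021-44228 as the example...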

CVSS 10, AI score 9.1, EPSS 0.99999
Exploits 381

AlmaLinux
added 2024/10/29 12:0 a.m., 22 views

Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 7.8, AI score 7, EPSS 0.00392
Exploits 0, References 4

HackRead
added 2024/10/28 12:44 p.m., 9 views

TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters

This article details a new campaign by TeamTNT, a notorious hacking group, leveraging exposed Docker daemons to deploy…...

AI score 7.2
Exploits 0

The Hacker News
added 2024/10/26 9:6 a.m., 33 views

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...

AI score 7.5
Exploits 0

OSV
added 2024/10/25 7:37 p.m., 7 views

GHSA-H99M-6755-RGWC Rancher Remote Code Execution via Cluster/Node Drivers

Impact A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

CVSS 9.1, AI score 9.5, EPSS 0.00677
Exploits 0, References 4

GithubExploit
added 2024/10/24 4:1 a.m., 632 views

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2024-37383-POC Proof of concept for CVE-2024-37383 Int...

CVSS 6.1, AI score 6.7, EPSS 0.73296
Exploits 5

The Hacker News
added 2024/10/22 2:0 p.m., 12 views

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining...

AI score 7.9
Exploits 0

Trend Micro Simply Security
added 2024/10/22 12:0 a.m., 17 views

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts...

AI score 7.4
Exploits 0