PT-2025-18104 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.41.0 Description: A vulnerability in the update process of Docker Desktop for Windows could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts ...
PT-2025-2718 · IBM · IBM Security Verify Access +1
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access versions 10.0.0 through 10.0.8 IBM Security Verify Access Docker versions 10.0.0 through 10.0.8 Description: The issue allows an unverified user to change the password of an expired user without prior knowledge of...
RHEL 9 : buildah (RHSA-2024:6189)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6189 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working...
CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...
CVE-2024-45313
Summary: CVE-2024-45313 affects Overleaf Server Pro when installed via the Overleaf Toolkit or legacy docker-compose deployments prior to mid-2024. By default, LaTeX compiles could access the sharelatex container resources (filesystem, network, environment variables) if security features were not...
Joomla API Improper Access Checks
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla API Improper Access Checks', 'Description' = %q Joomla versions between 4.0.0 and 4.2.7, inclusive, contain an improper API access...
ownCloud Phpinfo Reader
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ownCloud Phpinfo Reader', 'Description' = %q Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or...
SaltStack Salt Master Server Root Key Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...
OESA-2024-2074 moby security update
Docker is a product for you to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an...
A vulnerability in the log API of mailcow:dockerized, a Docker-based email server deployment and management tool, allows an attacker to execute arbitrary code.
The vulnerability in the log function API of mailcow:dockerized, a Docker-based email server deployment and management tool, stems from a lack of security measures in the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
A vulnerability in the Relay Hosts Configuration function of mailcow:dockerized, a Docker-based email server deployment and management tool, allows an attacker to execute arbitrary code.
The vulnerability in the Relay Hosts Configuration function of mailcow:dockerized, a Docker-based email server deployment and management tool, stems from a lack of security measures in the website structure. Exploiting this vulnerability allows a remote attacker to execute...
Important: docker
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Medium: docker
Issue Overview: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorizatio...
Medium: runc
Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 Affected Packages: runc Note: This advisory is applicable to Amazon Linu...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-045)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-045 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body ...
Amazon Linux 2 : docker (ALASDOCKER-2024-044)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-044 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read...
Amazon Linux 2 : docker (ALASDOCKER-2024-045)
The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-045 advisory. When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an...