9237 matches found
PT-2024-29969 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions 1.5.7 through 1.5.8 Description: OpenFGA is an authorization/permission engine. The issue concerns an authorization bypass when calling the Check API with a model that uses "but not" and "from" expressions and a userset...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2080)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2097)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to github.com/docker/distribution (CVE-2023-2253)
Summary Go module github.com/docker/distribution is used by IBM Cloud Pak for Data. CVE-2023-2253. Vulnerability Details CVEID:CVE-2023-2253 DESCRIPTION: Distribution is vulnerable to a denial of service, caused by improper input validation by the /v2/catalog endpoint. By sending a specially...
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-2097)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...
EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-2080)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...
SUSE: Security Advisory (SUSE-SU-2024:2801-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microweber 2.0.15 Cross Site Scripting Vulnerability
Microweber version 1.0 suffers from a cross site scripting vulnerability in the search functionality. Original discovery of cross site scripting in this version is attributed to tmrswrr in June of 2024. Exploit Title: Microweber =v2.0.15 - Reflected Cross-Site Scripting (XSS) Exploit Author: Prerak...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2069)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:2801-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microweber 2.0.15 Cross Site Scripting
Exploit Title: Microweber =v2.0.15 - Reflected Cross-Site Scripting (XSS) Date: 16.07.2024 Exploit Author: Prerak Mittal Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15 Version: =v2.0.15 Tested on: Ubuntu 22.04 CVE : CVE-2024-401...
CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-41110)
The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41110 advisory. - Moby is an open-source project created by Docker for software containerization. A security vulnerabilit...
EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2024-2069)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...
CVE-2024-41960
CVE-2024-41960 affects mailcow: dockerized (Relay Hosts configuration). An authenticated admin can inject a JavaScript payload into the Relay Hosts config, and the payload executes in the user’s browser when the configuration page is viewed, enabling arbitrary script execution in the user context...
CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...
SUSE SLES12 Security Update : docker (SUSE-SU-2024:2709-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2709-1 advisory. - Update to Docker 25.0.6-ce. See upstream changelog online at - CVE-2024-41110: An Authz zero length regression that could lead to...
Leaked GitHub Python Token
Here's a disaster that didn't happen: Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python...
SUSE-SU-2024:2709-1 Security update for docker
This update for docker fixes the following issues: - Update to Docker 25.0.6-ce. See upstream changelog online at - CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed bsc1228324 - Fix BuildKit's symlink resolution logic to correctly handle non-lexica...
OPENSUSE-SU-2024:14229-1 docker-26.1.5_ce-1.1 on GA media
These are all security issues fixed in the docker-26.1.5_ce-1.1 package on the GA media of openSUSE Tumbleweed...
Important: docker
Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...