Amazon Linux 2 : docker (ALASDOCKER-2024-040)

The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-040 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...

Amazon Linux 2023 : docker (ALAS2023-2024-674)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-674 advisory. 2024-08-28: CVE-2024-29018 was added to this advisory. 2024-08-28: CVE-2024-24786 was added to this advisory. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certa...

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution CVE-20...

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2024-041)

The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2024-041 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory...

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

Summary A significant vulnerability CVE-2024-41110 was recently discovered in Docker Engine version 18.09.1.Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 critical...

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

Summary A significant vulnerability CVE-2024-41110 was recently discovered in Docker Engine version 18.09.1.Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 critical...

Exploit for Improper Input Validation in Apache Superset

CVE-2024-34693 Exploit This repository contains a sophisticat...

pREST vulnerable to jwt bypass + sql injection

Summary Probably jwt bypass + sql injection or what i'm doing wrong? PoC how to reproduce 1. Create following files: docker-compose.yml: services: postgres: image: postgres containername: postgrescontainermre environment: POSTGRESUSER: testuserpg POSTGRESPASSWORD: testpasspg POSTGRESDB: testdb...

GHSA-WM25-J4GW-6VR3 pREST vulnerable to jwt bypass + sql injection

Summary Probably jwt bypass + sql injection or what i'm doing wrong? PoC how to reproduce 1. Create following files: docker-compose.yml: services: postgres: image: postgres containername: postgrescontainermre environment: POSTGRESUSER: testuserpg POSTGRESPASSWORD: testpasspg POSTGRESDB: testdb...

Authz zero length regression

A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions...

GHSA-V23V-6JW2-98FQ Authz zero length regression

A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions...

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Important: docker

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

GHSA-G872-JWWR-VGGM Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

Exploit for Unrestricted Upload of File with Dangerous Type in Git

PoC exploit for CVE-2024-32002, a remote code execution vulnerab...

Improper Authentication

github.com/moby/moby is vulnerable to Improper Authentication. The vulnerability is due to the Docker Engine handling of specially-crafted API requests, which causes authorization plugins to receive requests or responses without the body. Attackers can use this flaw to bypass AuthZ plugins and...

(Pwn2Own) Docker Desktop extension-manager Exposed Dangerous Function Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The specific flaw exists within the the implemention...

ROS-20240729-21

Vulnerability of authorization plugins AuthZ of the software for automating deployment and management of applications in containerized environments Docker Engine is related to flaws in the AuthZ plugin. application management in containerization-enabled environments Docker Engine is associated wi...

Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...