CVE-2024-41110
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...
How Can Deliberately Flawed APIs Help In Mastering API Security?
In our recent webinar titled 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...
CVE-2024-41110
creationtimestamp | type | source
---|---|---
2024-07-24 12:40:48+00:00 | published-proof-of-concept | https://t.me/HackingInsights/7215
2024-07-24 19:59:43+00:00 | seen | https://t.me/cvedetector/1578
2024-07-25 07:55:26+00:00 | seen | https://t.me/thehackernews/5313
2024-07-25 08:02:41+00:00 | seen |...
Docker Engine Security Vulnerability
Docker Engine is a set of lightweight runtime environment and package management tools from Docker Inc. in the United States. A security vulnerability exists in Docker Engine that allows an attacker to bypass the authorization plugin under certain circumstances,...
Photon OS 4.0: Docker PHSA-2023-4.0-0417
An update of the docker package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0417. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Photon OS 3.0: Docker PHSA-2023-3.0-0604
An update of the docker package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0604. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
CVE-2024-41664 Blind SSRF via Canarytoken Webhook
Canarytokens help track activity and actions on a network. Prior to sha-8ea5315, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytok...
CVE-2024-41663 Canarytoken "Cloned Website" Vulnerable to Stored Cross-Site Scripting
Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of...
CVE-2024-41663
CVE-2024-41663 concerns Canarytokens’ Cloned Website feature. The issue is a self‑XSS: the creator of a slow‑redirect Canarytoken can inject JavaScript into the destination URL, which executes when the creator later opens the token’s management page. Attackers could craft a token with this self‑X...
A vulnerability in the rspamd_maps() function of the Docker-based email server deployment and management tool, mailcow:dockerized, allows an attacker to execute arbitrary code.
The vulnerability of the rspamd_maps() function in the Docker-based email server deployment and management tool, mailcow:dockerized, is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
PT-2024-29493 · Unknown · Canarytokens
Name of the Vulnerable Software and Affected Versions: Canarytokens versions prior to sha-8ea5315 Description: Canarytokens help track activity and actions on a network. The Webhook alert feature in Canarytokens.org was vulnerable to a blind Server-Side Request Forgery (SSRF) prior to sha-8ea5315...
Photon OS 2.0: Docker PHSA-2019-2.0-0128
An update of the docker package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0128. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
PT-2024-29492 · Unknown · Canarytokens
Name of the Vulnerable Software and Affected Versions: Canarytokens versions prior to the latest Docker image after sha-097d91a Description: A Cross-Site Scripting issue was identified in the "Cloned Website" Canarytoken. The creator of a slow-redirect Canarytoken can insert Javascript into the...
Photon OS 5.0: Docker PHSA-2023-5.0-0038
An update of the docker package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0038. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Photon OS 2.0: Docker PHSA-2019-2.0-0129
An update of the docker package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0129. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-2024)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 3.0: Docker PHSA-2019-3.0-0001
An update of the docker package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0001. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Information Disclosure
github.com/docker/docker is vulnerable to Information Disclosure. The vulnerability is due to the unexpected inclusion of arbitrary filesystem paths in the build context when exploited by a malicious Git repository. Attackers can use this to include sensitive files in the build context without th...