CVE-2024-5652 In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode

In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode...

CVE-2024-5652 In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode

In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode...

CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...

CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...

Exploit for Protection Mechanism Failure in Artifex Ghostscript

PoC exploit for CVE-2024-29510, a Ghostscript format string vuln...

Docker Desktop Security Vulnerabilities

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

Docker Desktop Security Vulnerabilities

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

SUSE SLES15 / openSUSE 15 Security Update : python-docker (SUSE-SU-2024:1937-2)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-2 advisory. - CVE-2024-35195: Fixed missing certificate verification bsc1224788. Tenable has extracted the preceding description block...

SUSE-SU-2024:1937-2 Security update for python-docker

This update for python-docker fixes the following issues: - CVE-2024-35195: Fixed missing certificate verification bsc1224788...

podman: Multiple Vulnerabilities

Background Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI. Description Please review the referenced CVE identifiers for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution Al...

Exploit for Race Condition in Openbsd Openssh

0.省流 这本质上是一种统计漏洞：需要进行大量尝试才能赢得竞争条件并成功执行任意代码，攻击者需要克服很多障碍，”Schwa...

CBL Mariner 2.0 Security Update: docker-buildx / docker-compose / moby-compose / moby-engine (CVE-2024-23650)

The version of docker-buildx / docker-compose / moby-compose / moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23650 advisory. - BuildKit is a toolkit for converting source code to bui...

CBL Mariner 2.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)

The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...

CBL Mariner 2.0 Security Update: cri-tools / docker-buildx / kubernetes / opa / prometheus (CVE-2023-45142)

The version of cri-tools / docker-buildx / kubernetes / opa / prometheus installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45142 advisory. - OpenTelemetry-Go Contrib is a collection of third-party...

CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-24557)

The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24557 advisory. - Moby is an open-source project created by Docker to enable software containerization. The classic build...

CBL Mariner 2.0 Security Update: docker-compose / moby-engine / docker-buildx / moby-cli (CVE-2024-23653)

The version of docker-compose / moby-engine / docker-buildx / moby-cli installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23653 advisory. - BuildKit is a toolkit for converting source code to build...

Spring Tips: Testcontainers, Docker Compose, and Service Connections, oh my

Hi, Spring fans! In this installment, we look at the amazing service connection mechanism in Spring Boot. Service connections are what allow Spring Boot to connect to Testcontainers or Docker Compose containers for supporting infrastructure like SQL databases, middleare, and more. java...

CBL Mariner 2.0 Security Update: containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc (CVE-2023-47108)

The version of containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-47108 advisory. - OpenTelemetry-Go Contrib is a collecti...

CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)

The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker May cause an HTTP/...

GO-2024-2912 Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli

Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli...